Control: tags -1 + confirmed On Mon, 2020-08-31 at 21:09 +0200, Xavier Guimard wrote: > node-bl is vunerable to CVE-2020-8244 (#969309): A buffer over-read > vulnerability exists which could allow an attacker to supply user > input (even typed) that if it ends up in consume() argument and can > become negative, the BufferList state can be corrupted, tricking it > into exposing uninitialized memory via regular .slice() calls. >
Please go ahead. Regards, Adam
