CVE-2025-3194: bigint-buffer Vulnerable to Buffer Overflow via toBigIntLE() Function

April 4, 2025

Versions of the package bigint-buffer from 0.0.0 to 1.1.5 are vulnerable to Buffer Overflow in the toBigIntLE() function. Attackers can exploit this to crash the application.

References

github.com/advisories/GHSA-3gc7-fjrx-p6mg
github.com/no2chem/bigint-buffer
github.com/no2chem/bigint-buffer/blob/master/src/index.ts
nvd.nist.gov/vuln/detail/CVE-2025-3194
security.snyk.io/vuln/SNYK-JS-BIGINTBUFFER-3364597
www.usenix.org/system/files/sec23fall-prepub-262_staicu.pdf

Code Behaviors & Features

Detect and mitigate CVE-2025-3194 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →