Miggo Logo
Miggo Vulnerability Database
CVE-2025-3194

CVE-2025-3194:
bigint-buffer Vulnerable to Buffer Overflow via toBigIntLE() Function

7.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2025-3194
GHSA ID
GHSA-3gc7-fjrx-p6mg
EPSS Score
0.1766%
CWE
CWE-120
Published
4/4/2025
Updated
4/4/2025
KEV Status
No
Technology
TechnologyJavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
bigint-buffernpm<= 1.1.5

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability reports consistently point to the toBigIntLE function as the source of the buffer overflow vulnerability. The function's implementation in index.ts shows it performs buffer operations without proper input validation or size checking. When examining the source code, we can see the function takes a Buffer parameter and performs operations on it without any size validation, which matches the classic buffer overflow pattern (CWE-120). The vulnerability manifests when this function processes malicious or malformed input buffers.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

V*rsions o* t** p**k*** *i*int-*u***r *rom *.*.* to *.*.* *r* vuln*r**l* to *u***r Ov*r*low in t** to*i*IntL*() *un*tion. *tt**k*rs **n *xploit t*is to *r*s* t** *ppli**tion.

Reasoning

T** vuln*r**ility r*ports *onsist*ntly point to t** `to*i*IntL*` *un*tion *s t** sour** o* t** *u***r ov*r*low vuln*r**ility. T** *un*tion's impl*m*nt*tion in `in**x.ts` s*ows it p*r*orms *u***r op*r*tions wit*out prop*r input v*li**tion or siz* ****