CVE-2026-31988 — Off-by-one Error in Yauzl
Severity
6.9MEDIUMNVD
EPSS
0.1%
top 65.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 11
Latest updateApr 17
Description
yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate() function. The while loop condition checks cursor < data.length + 4 instead of cursor + 4 <= data.length, allowing readUInt16LE() to read past the buffer boundary. A remote attacker can cause a denial of service (process crash via ERR_OUT_OF_RANGE exception) by sending a crafted zip file with a malformed NTFS extra field. This a…
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Affected Packages16 packages
🔴Vulnerability Details
3📋Vendor Advisories
2🕵️Threat Intelligence
1💬Community
5Bugzilla▶
CVE-2026-31988 rust: yauzl: Denial of Service vulnerability in zip file processing [fedora-all]↗2026-04-17
Bugzilla▶
CVE-2026-31988 qt5-qtwebengine: yauzl: Denial of Service vulnerability in zip file processing [fedora-all]↗2026-04-17
Bugzilla▶
CVE-2026-31988 qt6-qtwebengine: yauzl: Denial of Service vulnerability in zip file processing [epel-all]↗2026-04-17
Bugzilla▶
CVE-2026-31988 yarnpkg: yauzl: Denial of Service vulnerability in zip file processing [epel-all]↗2026-04-17
Bugzilla▶
CVE-2026-31988 yarnpkg: yauzl: Denial of Service vulnerability in zip file processing [fedora-all]↗2026-04-17