CVE-2026-31988 | LOW | CVSS 6.9 | 2026
CVE-2026-31988 [MEDIUM] CVE-2026-31988: node-yauzl - yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contains an off-...
yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate() function. The while loop condition checks cursor < data.length + 4 instead of cursor + 4 <= data.length, allowing readUInt16LE() to read past the buffer boundary. A remote attacker can cause a
debian
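
The two loop conditions quoted in the description, side by side in a minimal walker for the NTFS extra field. This is an added example, not yauzl's code: `findMtime`, `tryParse` and both sample buffers are constructed for illustration, and the field layout (4 reserved bytes, then tag/size/data attributes, tag 0x0001 carrying 64-bit FILETIME values) is taken from the PKWARE ZIP APPNOTE.

```javascript
// Hypothetical parser for the body of ZIP extra field 0x000a (NTFS).
// Layout: reserved(4), then repeated attributes: tag(2) size(2) data(size).
function findMtime(data, headerFits) {
  let cursor = 4; // skip the reserved bytes
  while (headerFits(cursor, data.length)) {
    const tag = data.readUInt16LE(cursor);
    const size = data.readUInt16LE(cursor + 2);
    cursor += 4;
    if (cursor + size > data.length) return null; // attribute payload truncated
    if (tag === 0x0001 && size >= 8) {
      // FILETIME: 100 ns ticks since 1601-01-01 UTC
      const ticks = data.readBigUInt64LE(cursor);
      return new Date(Number(ticks / 10000n) - 11644473600000);
    }
    cursor += size;
  }
  return null;
}

// Condition as quoted in the advisory: true even when no bytes remain.
const flawed = (cursor, length) => cursor < length + 4;
// Corrected condition from the advisory: a full 4-byte header must fit.
const fixed = (cursor, length) => cursor + 4 <= length;

// Report the outcome instead of letting an exception escape.
function tryParse(data, headerFits) {
  try {
    return { ok: true, mtime: findMtime(data, headerFits) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Constructed sample 1: one attribute, tag 0x0001, mtime = 2020-01-01 UTC.
const WITH_MTIME = Buffer.alloc(32);
WITH_MTIME.writeUInt16LE(0x0001, 4);
WITH_MTIME.writeUInt16LE(24, 6);
WITH_MTIME.writeBigUInt64LE(132223104000000000n, 8);

// Constructed sample 2: one empty attribute with an unrelated tag, no mtime.
const NO_MTIME = Buffer.alloc(8);
NO_MTIME.writeUInt16LE(0x0002, 4);

console.log('fixed :', tryParse(WITH_MTIME, fixed), tryParse(NO_MTIME, fixed));
console.log('flawed:', tryParse(WITH_MTIME, flawed), tryParse(NO_MTIME, flawed));
```

With the flawed condition the walker only behaves when the timestamp attribute is found before the end of the field; any field that is walked to its end triggers a `readUInt16LE()` call at `data.length`, which Node's `Buffer` rejects with a `RangeError`.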