CVE-2026-31988 | MEDIUM | CVSS 6.9 | ≥ 3.2.0, < 3.2.1 | 2026-03-11
CVE-2026-31988 [MEDIUM] CWE-193
yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate() function. The while loop condition checks cursor < data.length + 4 instead of cursor + 4 <= data.length, allowing readUInt16LE() to read past the buffer boundary. A remote attacker
GHSA, NVD, OSV, Red Hat
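The loop condition described above, shown as an added example (this is not yauzl's source code): a minimal walker for the NTFS extra field, run once with the flawed condition and once with the corrected one. The function names and sample buffers are constructed for illustration; the field layout follows the ZIP APPNOTE definition of the NTFS extra field (header ID 0x000a).

```javascript
// Added example, not yauzl's source. Function names are hypothetical.
// NTFS extra field body: 4 reserved bytes, then a sequence of attributes,
// each laid out as [tag: u16le][size: u16le][size bytes of data].
// Tag 0x0001 with size 24 carries mtime, atime, ctime as 8-byte FILETIMEs.

function findMtime(data, hasRoom) {
  let cursor = 4; // skip the reserved bytes
  while (hasRoom(cursor, data.length)) {
    const tag = data.readUInt16LE(cursor);
    const size = data.readUInt16LE(cursor + 2);
    cursor += 4;
    if (tag === 0x0001 && size === 24 && cursor + 8 <= data.length) {
      return data.readBigUInt64LE(cursor); // mtime as a raw FILETIME
    }
    cursor += size;
  }
  return null; // no timestamp attribute present
}

// Condition quoted in the advisory: still true when cursor has reached the end.
const flawed = (cursor, length) => cursor < length + 4;
// Corrected condition from the advisory: a full 4-byte header must fit.
const fixed = (cursor, length) => cursor + 4 <= length;

// Constructed sample: reserved bytes plus one unrelated, empty attribute.
// Once it is consumed, cursor === data.length and nothing is left to read.
const noTimestamp = Buffer.from([0, 0, 0, 0, 0x02, 0x00, 0x00, 0x00]);

// Constructed sample: a well-formed timestamp attribute.
const wellFormed = Buffer.alloc(4 + 4 + 24);
wellFormed.writeUInt16LE(0x0001, 4);
wellFormed.writeUInt16LE(24, 6);
wellFormed.writeBigUInt64LE(0x01d0000000000000n, 8);

function outcome(data, hasRoom) {
  try {
    return String(findMtime(data, hasRoom));
  } catch (err) {
    return err.code; // Node's Buffer readers throw a RangeError when out of range
  }
}

console.log("flawed, no timestamp:", outcome(noTimestamp, flawed));
console.log("fixed,  no timestamp:", outcome(noTimestamp, fixed));
console.log("fixed,  well formed: ", outcome(wellFormed, fixed));
```

With the flawed condition the loop runs one extra iteration and the read at `cursor === data.length` raises a RangeError; with the corrected condition the same input returns `null`.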