Key Information

Vulnerability Type: Buffer Overflow
Affected Package: bigint-buffer
Affected Versions: >=0.0.0
Introduced Date: 20 Mar 2023
CVE ID: CVE-2025-3194
CWE ID: CWE-120
Severity Score: 8.7 (High)
CVSS Assessment: Performed by Snyk’s security team
Remediation Advice: No fixed version available; manual fix required

Summary: bigint-buffer is a Node.js utility for converting TC39-proposed BigInts to and from buffers. Affected versions contain a buffer overflow vulnerability in the function, which attackers can exploit to crash the application.

PoC Code:

References:
- Native Node Extension Risks
- Vulnerable Code

CVSS Base Scores:
- Version: 4.0
- Attack Vector: Network
- Attack Complexity: Low
- Attack Requirements: None
- Privileges Required: None
- User Interaction: None
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

Threat Intelligence:
- Exploit Maturity: Proof of Concept
- EPSS: 0.04% (9th percentile)

Snyk ID: SNYK-JS-BIGINTBUFFER-3364597
Published Date: 3 Apr 2025
Disclosure Date: 20 Mar 2023
Contributor: Cris Staicu