uuid Library Buffer Overwrite Vulnerability in UUID Generation Functions
Vulnerability
A vulnerability exists in the uuid library, in versions prior to 14.0.0, within the UUID generation functions v3, v5, and v6. These functions accept a caller-supplied output buffer and offset but do not validate that the 16-byte UUID fits within the buffer at that offset. As a result, an out-of-range write is silently truncated rather than rejected, so the caller can end up with a malformed or partial UUID in the buffer and no error to indicate it. In contrast, the v1, v4, and v7 functions correctly throw a RangeError for invalid buffer bounds.
Impact
Exploitation of this vulnerability can cause integrity issues by allowing silent partial writes into caller-provided buffers, leading to malformed or truncated UUIDs. In applications that expose caller-controlled offsets or buffer sizes, this could result in a security-relevant logic flaw.
Reproduction
The vulnerability can be reproduced with uuid versions through 13.0.0. After installing and building the package, call the v5 or v6 generation function with a custom buffer and an offset that leaves fewer than 16 bytes of room, so that the write runs past the end of the buffer. Neither function throws an error despite the invalid input, which demonstrates the missing bounds check; calling v4 with the same buffer and offset correctly raises a RangeError.
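The following is an added example, not code from the uuid project, showing the failure mode described above and the guard a caller can apply before handing a buffer to v3, v5 or v6 on an affected version. `uncheckedWrite` is a constructed stand-in for an unchecked 16-byte writer (indexed assignment into a typed array silently drops out-of-range indices, which is exactly how a partial write goes unnoticed); `assertUuidRange` is the bounds check that mirrors the RangeError the advisory says v1, v4 and v7 throw. The sample bytes are constructed, not a real UUID.

```javascript
// Added example (not uuid's own code): a defensive bounds check for a
// caller-supplied UUID output buffer, plus a demonstration of the silent
// truncation that happens without it.
const UUID_BYTES = 16;

// Reject any (buffer, offset) pair where 16 bytes would not fit. This is the
// check the advisory says v1/v4/v7 perform and v3/v5/v6 (before 14.0.0) omit.
function assertUuidRange(buf, offset = 0) {
  if (!(buf instanceof Uint8Array)) {
    // Node's Buffer is a Uint8Array subclass, so it passes this test too.
    throw new TypeError('output buffer must be a Uint8Array (or Buffer)');
  }
  if (!Number.isInteger(offset) || offset < 0) {
    throw new RangeError(`offset must be a non-negative integer, got ${offset}`);
  }
  if (offset + UUID_BYTES > buf.length) {
    throw new RangeError(
      `UUID needs ${UUID_BYTES} bytes at offset ${offset}, but buffer length is ${buf.length}`
    );
  }
}

// Constructed stand-in for an unchecked writer: plain indexed assignment into a
// typed array ignores out-of-range indices, so nothing signals the truncation.
function uncheckedWrite(buf, offset, bytes) {
  for (let i = 0; i < UUID_BYTES; i++) buf[offset + i] = bytes[i];
  return buf;
}

// Wraps any writer with the bounds check so the write cannot be partial.
function checkedWrite(buf, offset, bytes, writer = uncheckedWrite) {
  assertUuidRange(buf, offset);
  writer(buf, offset, bytes);
  return buf.subarray(offset, offset + UUID_BYTES);
}

// After-the-fact detection: count how many of the 16 bytes are actually present
// in the buffer at the offset. Anything below 16 means a truncated UUID.
function bytesThatLanded(buf, offset, bytes) {
  let landed = 0;
  for (let i = 0; i < UUID_BYTES; i++) {
    if (offset + i < buf.length && buf[offset + i] === bytes[i]) landed++;
  }
  return landed;
}

// Constructed sample: 16 distinct byte values so truncation is visible.
const SAMPLE = Uint8Array.from({ length: UUID_BYTES }, (_, i) => 0xa0 + i);

// Reproduces the failure mode: a 20-byte buffer at offset 10 has room for only
// 10 of the 16 bytes. The unchecked writer stores 10 bytes and throws nothing;
// the checked writer refuses with a RangeError before touching the buffer.
function demo() {
  const buf = new Uint8Array(20);
  uncheckedWrite(buf, 10, SAMPLE);
  const landed = bytesThatLanded(buf, 10, SAMPLE);
  let threw = false;
  try {
    checkedWrite(buf, 10, SAMPLE);
  } catch (e) {
    threw = e instanceof RangeError;
  }
  return { landed, threw };
}

module.exports = { UUID_BYTES, assertUuidRange, uncheckedWrite, checkedWrite, bytesThatLanded, SAMPLE, demo };
```

On an affected version, calling `assertUuidRange(buf, offset)` immediately before `v5(name, namespace, buf, offset)` gives the same fail-fast behaviour the library already provides for v4; upgrading to 14.0.0 makes the wrapper unnecessary.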
Remediation
Users should upgrade to uuid version 14.0.0 or later, where this vulnerability has been fixed.
