uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided
Description
v3, v5, and v6 accept external output buffers but do not reject out-of-range writes (small buf or large offset). By contrast, v4, v1, and v7 explicitly throw RangeError on invalid bounds.
This inconsistency allows silent partial writes into caller-provided buffers.
Links
GHSA-w5hq-g745-h8pq
https://github.com/uuidjs/uuid
uuidjs/uuid@3d2c5b0
https://github.com/uuidjs/uuid/releases/tag/v14.0.0
GHSA-w5hq-g745-h8pq
uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided
Description
v3, v5, and v6 accept external output buffers but do not reject out-of-range writes (small buf or large offset). By contrast, v4, v1, and v7 explicitly throw RangeError on invalid bounds.
This inconsistency allows silent partial writes into caller-provided buffers.
Links
GHSA-w5hq-g745-h8pq
https://github.com/uuidjs/uuid
uuidjs/uuid@3d2c5b0
https://github.com/uuidjs/uuid/releases/tag/v14.0.0
GHSA-w5hq-g745-h8pq