When parsing a string to a BigDecimal or BigInteger in Java, or BigInt in JavaScript, are there any known security issues around this? Like if you take in the string without validating it's just numbers, is there any risk?

Are there any known CVEs around this?

scaly
  • 101
  • Did you try to search this online? – Limit Feb 19 '21 at 18:19
  • You would hope that the parsers correctly throw an exception if the input is not properly formatted. If not, then I would expect somebody to raise a CVE and the implementors to fix it in a patch. So do you mean have there ever been any historical CVEs relating to parsing these types in Java or JavaScript implementations, or do you mean are there currently open CVEs (i.e. CVEs for which a patch has not been produced yet)? Either way, you can easily search for "BigDecimal" etc. on a CVE searching site like https://cvedetails.com. – Mike Ounsworth Feb 22 '21 at 02:06

0 Answers