CVE-2024-21521

July 10, 2024, 5:15 a.m.

7.5
High

Description

All versions of the package @discordjs/opus are vulnerable to Denial of Service (DoS) due to providing an input object with a property toString to several different functions. Exploiting this vulnerability could lead to a system crash.

Product(s) Impacted

Product Versions
@discordjs/opus
  • All versions

Weaknesses

CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References

https://gist.github.com/dellalibera/98c48fd74bb240adbd7841a5c02aba9e
https://github.com/discordjs/opus/blob/814e500c2785c5207ace19650192629beba2728b/src/node-opus.cc%23L47
https://security.snyk.io/vuln/SNYK-JS-DISCORDJSOPUS-6370643

Tags

CWE-400
report@snyk.io
2024-07-10
CVE-2024-21521

CVSS Score

7.5 / 10

CVSS Data

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH
    • View Vector String

    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Date

  • Published: July 10, 2024, 5:15 a.m.
  • Last Modified: July 10, 2024, 5:15 a.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

report@snyk.io

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.