CVE-2024-21524

July 10, 2024, 5:15 a.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

node-stringbuilder

Source

report@snyk.io

Tags

CVE-2024-21524 details

Published : July 10, 2024, 5:15 a.m.
Last Modified : July 10, 2024, 5:15 a.m.

Description

All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty string value input. It's possible to return previously allocated memory, for example, by providing negative indexes, leading to an Information Disclosure.

CVSS Score

1 2 3 4 5 6 7 8.2 9 10

Weakness

Weakness Name Description
CWE-125 Out-of-bounds Read The product reads data past the end, or before the beginning, of the intended buffer.

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

8.2

Exploitability Score

3.9

Impact Score

4.2

Base Severity

HIGH

This website uses the NVD API, but is not approved or certified by it.