CVE-2024-21525

July 10, 2024, 5:15 a.m.

8.3
High

Description

All versions of the package node-twain are vulnerable to Improper Check or Handling of Exceptional Conditions due to the length of the source data not being checked. Creating a new twain.TwainSDK with a productName or productFamily, manufacturer, version.info property of length >= 34 chars leads to a buffer overflow vulnerability.

Product(s) Impacted

Product Versions
node-twain
  • All versions

Weaknesses

CWE-703
Improper Check or Handling of Exceptional Conditions
The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.

References

https://gist.github.com/dellalibera/55b87634a6c360e5be22a715f0566c99
https://security.snyk.io/vuln/SNYK-JS-NODETWAIN-6421153

Tags

CWE-703
report@snyk.io
2024-07-10
CVE-2024-21525

CVSS Score

8.3 / 10

CVSS Data

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: LOW
    • View Vector String

    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

Date

  • Published: July 10, 2024, 5:15 a.m.
  • Last Modified: July 10, 2024, 5:15 a.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

report@snyk.io

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.