PT-2023-2318 · Deno · Deno

Lucacasonato · Published 2023-03-23 · Updated 2023-03-31 · CVE-2023-28445

CVSS v3.1: 9.9 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Deno version 1.32.0

Description: The issue is related to resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation, which could result in an out-of-bounds read/write. It is unlikely that this has been exploited in the wild. Deno Deploy users are not affected.

Recommendations: For Deno version 1.32.0, upgrade to Deno 1.32.1 to resolve the issue. As a temporary workaround for Deno version 1.32.0, run with --v8-flags=--no-harmony-rab-gsab to disable resizable ArrayBuffers.
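
The pattern named in the description, modelled at the JavaScript level as an added example (not code from Deno or from this advisory): bounds read before an await go stale once the caller shrinks a resizable buffer, while a copy taken before yielding is unaffected. The names staleBounds, snapshotFirst, duringOp and resizableBuffersEnabled, and the buffer sizes, are hypothetical and constructed for illustration.

```javascript
// Added illustration; not Deno's code. Models the pattern in JavaScript only.

// True when this runtime exposes resizable ArrayBuffers.
function resizableBuffersEnabled() {
  return typeof ArrayBuffer.prototype.resize === "function";
}

// Risky pattern: bounds are read before the await and trusted after it.
// `duringOp` is a hypothetical hook standing in for whatever runs while the
// asynchronous operation is pending (here, the caller shrinking the buffer).
async function staleBounds(view, duringOp) {
  const captured = view.byteOffset + view.byteLength; // end offset at call time
  await duringOp();
  const actual = view.buffer.byteLength;              // size when the op resumes
  return { captured, actual, inBounds: captured <= actual };
}

// Safer pattern: copy the bytes synchronously before yielding, so a later
// resize of the caller's buffer cannot change what the operation works on.
async function snapshotFirst(view, duringOp) {
  const copy = view.slice(); // new fixed-size backing store owned by the op
  await duringOp();
  return { length: copy.byteLength, lastByte: copy[copy.length - 1] };
}

async function demo() {
  const a = new ArrayBuffer(64, { maxByteLength: 64 }); // constructed input
  const viewA = new Uint8Array(a).fill(0xab);
  const stale = await staleBounds(viewA, async () => a.resize(8));

  const b = new ArrayBuffer(64, { maxByteLength: 64 }); // constructed input
  const viewB = new Uint8Array(b).fill(0xcd);
  const safe = await snapshotFirst(viewB, async () => b.resize(8));
  return { stale, safe };
}

if (resizableBuffersEnabled()) {
  demo().then((r) => console.log(JSON.stringify(r)));
} else {
  console.log("resizable ArrayBuffers are not available in this runtime");
}
```

On a runtime started with the workaround flag, resizableBuffersEnabled() is expected to return false; that is an assumption about how the flag behaves, not something this page states.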

Exploit

Fix

Memory Corruption

Out of bounds Read

Weakness Enumeration

Related identifiers

BDU:2023-02082
CVE-2023-28445
GHSA-C25X-CM9X-QQGX

Affected products

Deno