Motoko · Motoko · CVE-2024-11991
**Name of the Vulnerable Software and Affected Versions**
Motoko (affected versions not specified)
**Description**
The incremental garbage collector in Motoko is affected by an uninitialized memory access bug. This issue is caused by the incorrect use of write barriers in a few locations, potentially allowing unauthorized read or write access to a Canister's memory. However, exploiting this bug requires the Canister to have non-default features enabled, specifically the incremental garbage collector or enhanced orthogonal persistence.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
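
An exposure check for the precondition stated in the Description, as an added example that is not part of the original advisory: it scans a `dfx.json` for Motoko canisters whose compiler arguments enable either non-default feature. It assumes the features are switched on with the `moc` flags `--incremental-gc` and `--enhanced-orthogonal-persistence` passed through the `args` fields of `dfx.json`; the sample config, canister names and paths are constructed.

```python
import json
import shlex

# moc flags assumed to enable the two non-default features the advisory names.
RISKY_FLAGS = {
    "--incremental-gc": "incremental garbage collector",
    "--enhanced-orthogonal-persistence": "enhanced orthogonal persistence",
}

# Constructed sample dfx.json; canister names and paths are hypothetical.
SAMPLE_DFX_JSON = """
{
  "defaults": {"build": {"args": "--incremental-gc"}},
  "canisters": {
    "ledger":   {"type": "motoko", "main": "src/ledger.mo"},
    "registry": {"type": "motoko", "main": "src/registry.mo",
                 "args": "--enhanced-orthogonal-persistence"},
    "frontend": {"type": "assets", "source": ["dist"]}
  }
}
"""

def is_motoko(canister: dict) -> bool:
    """Treat a canister as Motoko if declared so or if its entry point is a .mo file."""
    return canister.get("type") == "motoko" or str(canister.get("main", "")).endswith(".mo")

def exposed_canisters(dfx_config: dict) -> dict:
    """Map each Motoko canister to the advisory-relevant features its build args enable."""
    defaults = (dfx_config.get("defaults") or {}).get("build") or {}
    default_args = defaults.get("args") or ""
    findings = {}
    for name, canister in (dfx_config.get("canisters") or {}).items():
        if not is_motoko(canister):
            continue
        # Default and per-canister args are checked together: no precedence
        # between them is assumed, so the result errs toward flagging.
        tokens = shlex.split(f"{default_args} {canister.get('args') or ''}")
        features = sorted({RISKY_FLAGS[t] for t in tokens if t in RISKY_FLAGS})
        if features:
            findings[name] = features
    return findings

if __name__ == "__main__":
    for name, features in exposed_canisters(json.loads(SAMPLE_DFX_JSON)).items():
        print(f"{name}: built with {', '.join(features)}")
```

Canisters built outside `dfx` need the same check applied to whatever invokes `moc` in their build scripts.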