PT-2023-2318 · Deno · Deno
Lucacasonato · Published 2023-03-23 · Updated 2023-03-31 · CVE-2023-28445
CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Deno version 1.32.0
Description
Resizable ArrayBuffers passed to asynchronous functions can be shrunk while the asynchronous operation is in progress, which could result in an out-of-bounds read/write. It is unlikely that this has been exploited in the wild. Deno Deploy users are not affected.
Recommendations
For Deno version 1.32.0, upgrade to Deno 1.32.1 to resolve the issue.
As a temporary workaround for Deno version 1.32.0, run with --v8-flags=--no-harmony-rab-gsab to disable resizable ArrayBuffers.
Exploit
Fix
Out of bounds Read
Memory Corruption
Affected Products
Deno