CVE-2024-11991

Name of the Vulnerable Software and Affected Versions Motoko (affected versions not specified)

Description The incremental garbage collector in Motoko is affected by an uninitialized memory access bug. This issue is caused by the incorrect use of write barriers in a few locations, potentially allowing unauthorized read or write access to a Canister's memory. However, exploiting this bug requires the Canister to have non-default features enabled, specifically the incremental garbage collector or enhanced orthogonal persistence.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.