CVE-2024-21524

Name of the Vulnerable Software and Affected Versions node-stringbuilder versions all

Description The issue arises from incorrect memory length calculation in the node-stringbuilder package, leading to an Out-of-bounds Read. This occurs when methods such as ToBuffer, ToString, or CharAt are called on a StringBuilder object with a non-empty string value input. Providing negative indexes can result in the return of previously allocated memory, leading to an Information Disclosure.

Recommendations For all versions, consider disabling the ToBuffer, ToString, and CharAt methods on StringBuilder objects until a patch is available to prevent potential Information Disclosure. Restrict the use of negative indexes to minimize the risk of exploitation.