CVE-2024-21525

Name of the Vulnerable Software and Affected Versions node-twain versions all

Description The issue arises from improper check or handling of exceptional conditions due to the length of the source data not being checked. Creating a new twain.TwainSDK with a productName or productFamily, manufacturer, version.info property of length >= 34 chars leads to a buffer overflow.

Recommendations For all versions, consider restricting the length of productName, productFamily, manufacturer, and version.info properties to less than 34 characters to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling the creation of new twain.TwainSDK instances with long property values. At the moment, there is no information about a newer version that contains a fix for this vulnerability.