PT-2024-7923 · Braces+5

Archanasharma3 · Published 2024-01-24 · Updated 2026-06-04 · CVE-2024-4068

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: braces versions prior to 3.0.3

Description: The issue is related to uncontrolled resource consumption. If a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, causing the program to allocate heap memory without freeing it, eventually leading to a crash due to the JavaScript heap limit being reached.

Recommendations: For versions prior to 3.0.3, update to version 3.0.3 or later to resolve the issue. As a temporary workaround, consider restricting input to prevent "imbalanced braces" from being sent to the lib/parse.js module until a patch is available.
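
One way to implement the temporary workaround above, as an added example (not code from this advisory or from the braces project): a guard that rejects imbalanced, oversized or deeply nested brace patterns before they reach the library. The names checkBracePattern, scan, MAX_LEN and MAX_DEPTH are hypothetical, the limits are illustrative, and treating a backslash as escaping the next character is an assumption, so the guard accepts a pattern only if it is balanced both with and without that rule.

```javascript
// Added example: pre-validation guard for untrusted brace patterns.
// MAX_LEN and MAX_DEPTH are illustrative limits, not values from the advisory.
const MAX_LEN = 1024;
const MAX_DEPTH = 16;

// Single pass over the input. Returns the final brace balance, or null when a
// '}' appears with no open '{' or nesting exceeds MAX_DEPTH.
// With honorEscapes set, a backslash hides the character that follows it
// (assumed escape rule).
function scan(input, honorEscapes) {
  let depth = 0;
  for (let i = 0; i < input.length; i++) {
    const ch = input[i];
    if (honorEscapes && ch === '\\') { i++; continue; }
    if (ch === '{') {
      depth++;
      if (depth > MAX_DEPTH) return null;
    } else if (ch === '}') {
      depth--;
      if (depth < 0) return null;
    }
  }
  return depth;
}

function checkBracePattern(input) {
  if (typeof input !== 'string') return { ok: false, reason: 'not a string' };
  if (input.length > MAX_LEN) return { ok: false, reason: 'too long' };
  // Fail closed: the pattern must balance under both interpretations of '\'.
  if (scan(input, false) !== 0 || scan(input, true) !== 0) {
    return { ok: false, reason: 'imbalanced braces' };
  }
  return { ok: true, reason: null };
}

// Constructed sample inputs (not taken from the advisory).
const samples = ['file{a,b}.js', '{a,{b,c}}', '{a,b', 'a}b{', '\\{a}', '{'.repeat(2000)];
for (const s of samples) {
  const r = checkBracePattern(s);
  console.log(JSON.stringify(s.slice(0, 20)), r.ok ? 'accepted' : `rejected: ${r.reason}`);
}
```

Call the guard on untrusted patterns before handing them to braces, and remove it only after the dependency is at 3.0.3 or later.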

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALT-PU-2025-9506
ALT-PU-2025-9551
AZL-42034
AZL-44020
AZL-44562
BDU:2024-09427
CVE-2024-4068
GHSA-GRV7-FG5C-XMJG
OPENSUSE-SU-2024:14257-1
OPENSUSE-SU-2024:14258-1
OPENSUSE-SU-2024_3771-1
OPENSUSE-SU-2025:14663-1
OPENSUSE-SU-2025_1326-1
RHSA-2024:8075
RHSA-2024:8076
RHSA-2024:8077
SUSE-SU-2024:3771-1
SUSE-SU-2025:01326-1
SUSE-SU-2025:1326-1

Affected Products

Alt Linux
Bitbucket
Debian
Red Os
Suse
Braces