PT-2026-49579 · Npm · Electron
Published
2026-06-15
·
Updated
2026-06-16
·
CVE-2026-54257
CVSS v4.0
9.3
Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Electron versions 42.3.1 through 42.3.2
Description
Incorrect byte length calculations in the Node.js
Buffer API cause heap underflow or overflow, which can lead to memory corruption or application crashes. This issue may result in incorrect buffer allocations, causing unexpected truncation or allocation. The flaw requires no privileges or user interaction to be triggered.Recommendations
Upgrade to version 42.3.3.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Electron