Published: 10 Jul 2024
Source: github
GitHub: Reviewed
CVSS4: 8.7
CVSS3: 7.5
Description
audify vulnerable to Improper Validation of Array Index
All versions of the package audify are vulnerable to Improper Validation of Array Index: when frameSize is provided to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions, it is not checked for negative values. This can lead to a process crash.
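Because the record lists no fixed version, a caller can reject bad frameSize values in JavaScript before they reach the native decoder. The wrapper below is an added example, not code from audify or from the advisory; guardOpusDecoder, checkFrameSize and maxFrameSize are hypothetical names, and the 120 ms upper bound is a conservative assumption of this example (the advisory itself only concerns negative values).

```javascript
// Added example: validate frameSize before it reaches audify's native code.
// Assumption: the wrapped object exposes decode(buf, frameSize) and
// decodeFloat(buf, frameSize), the two functions named in the advisory.

// Sample rates accepted by the Opus codec.
const OPUS_SAMPLE_RATES = [8000, 12000, 16000, 24000, 48000];
// Longest duration a single Opus packet can carry, in milliseconds.
const OPUS_MAX_PACKET_MS = 120;

// Largest per-channel frameSize one packet can need at this sample rate.
function maxFrameSize(sampleRate) {
  if (!OPUS_SAMPLE_RATES.includes(sampleRate)) {
    throw new RangeError(`unsupported Opus sample rate: ${sampleRate}`);
  }
  return (sampleRate * OPUS_MAX_PACKET_MS) / 1000;
}

// Throws a catchable JS error instead of passing a bad value to native code.
function checkFrameSize(frameSize, sampleRate) {
  const limit = maxFrameSize(sampleRate);
  // Rejects strings, NaN, Infinity and fractional values.
  if (typeof frameSize !== 'number' || !Number.isInteger(frameSize)) {
    throw new TypeError('frameSize must be an integer');
  }
  // Rejects zero and negative values (the advisory's case) and oversized ones.
  if (frameSize <= 0 || frameSize > limit) {
    throw new RangeError(`frameSize must be in 1..${limit}, got ${frameSize}`);
  }
  return frameSize;
}

// guardOpusDecoder is a hypothetical helper, not part of audify.
// It returns an object whose decode/decodeFloat validate frameSize first.
function guardOpusDecoder(decoder, sampleRate) {
  const wrap = (method) => (buf, frameSize) =>
    decoder[method](buf, checkFrameSize(frameSize, sampleRate));
  return { decode: wrap('decode'), decodeFloat: wrap('decodeFloat') };
}
```

Pass the same sample rate that was given to the OpusDecoder constructor, and treat frameSize as untrusted whenever it is derived from network or file input.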
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-21522
- https://gist.github.com/dellalibera/6bb866ae5d1cc2adaabe27bbd6d2d21e
- https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07dc3dc/src/opus_decoder.cpp#L53
- https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07dc3dc/src/opus_decoder.cpp%23L79
- https://security.snyk.io/vuln/SNYK-JS-AUDIFY-6370700
Packages
Name: audify (npm)
Affected versions: <= 1.9.0
Fixed version: None
Related vulnerabilities
CVSS3: 7.5
nvd
more than 1 year ago
All versions of the package audify are vulnerable to Improper Validation of Array Index: when frameSize is provided to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions, it is not checked for negative values. This can lead to a process crash.