Описание
Deno improperly handles resizable ArrayBuffer
Impact
Resizable ArrayBuffers passed to asynchronous native functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write.
It is unlikely that this has been exploited in the wild, as the only version affected is Deno 1.32.0.
Deno Deploy users are not affected.
Patches
The problem has been resolved by disabling resizable ArrayBuffers temporarily in Deno 1.32.1. A future version of Deno will re-enable resizable ArrayBuffers with a proper fix.
Workarounds
Upgrade to Deno 1.32.1, or run with --v8-flags=--no-harmony-rab-gsab to disable resizable ArrayBuffers.
Пакеты
Deno
= 1.32.0
1.32.1
serde_v8
= 0.87.0
0.88.0
deno_runtime
= 0.102.0
0.103.0
Связанные уязвимости
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild, as the only version affected is Deno 1.32.0. Deno Deploy users are not affected. The problem has been resolved by disabling resizable ArrayBuffers temporarily in Deno 1.32.1. Deno 1.32.2 will re-enable resizable ArrayBuffers with a proper fix. As a workaround, run with `--v8-flags=--no-harmony-rab-gsab` to disable resizable ArrayBuffers.
Уязвимость среды выполнения для JavaScript и TypeScript Deno, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код