Apr 17, 2024 - 3:15 p.m.

CVE-2024-30253

2024-04-17 15:15:07
CWE-119
web.nvd.nist.gov
solana javascript sdk
memory exhaustion
untrusted input
availability loss
nvd
vulnerability
fixed version

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.0004 Low
Percentile: 9.1%

@solana/web3.js is the Solana JavaScript SDK. Using particular inputs with @solana/web3.js will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with @solana/web3.js, your application/service may crash, resulting in a loss of availability. This vulnerability is fixed in 1.0.1, 1.10.2, 1.11.1, 1.12.1, 1.1.2, 1.13.1, 1.14.1, 1.15.1, 1.16.2, 1.17.1, 1.18.1, 1.19.1, 1.20.3, 1.21.1, 1.22.1, 1.23.1, 1.24.3, 1.25.1, 1.26.1, 1.27.1, 1.28.1, 1.2.8, 1.29.4, 1.30.3, 1.31.1, 1.3.1, 1.32.3, 1.33.1, 1.34.1, 1.35.2, 1.36.1, 1.37.3, 1.38.1, 1.39.2, 1.40.2, 1.41.11, 1.4.1, 1.42.1, 1.43.7, 1.44.4, 1.45.1, 1.46.1, 1.47.5, 1.48.1, 1.49.1, 1.50.2, 1.51.1, 1.5.1, 1.52.1, 1.53.1, 1.54.2, 1.55.1, 1.56.3, 1.57.1, 1.58.1, 1.59.2, 1.60.1, 1.61.2, 1.6.1, 1.62.2, 1.63.2, 1.64.1, 1.65.1, 1.66.6, 1.67.3, 1.68.2, 1.69.1, 1.70.4, 1.71.1, 1.72.1, 1.7.2, 1.73.5, 1.74.1, 1.75.1, 1.76.1, 1.77.4, 1.78.8, 1.79.1, 1.80.1, 1.81.1, 1.8.1, 1.82.1, 1.83.1, 1.84.1, 1.85.1, 1.86.1, 1.87.7, 1.88.1, 1.89.2, 1.90.2, 1.9.2, and 1.91.3.

Affected configurations

Vulners
Node (entries joined by OR)

Vendor | Product | Type | Version(s)
solana-labs | solana_web3.js | Range | 1.91.0 1.91.3
solana-labs | solana_web3.js | Range | 1.90 1.90.2
solana-labs | solana_web3.js | Range | 1.89 1.89.2
solana-labs | solana_web3.js | Match | 1.88.0
solana-labs | solana_web3.js | Range | 1.87.0 1.87.7
solana-labs | solana_web3.js | Match | 1.86.0
solana-labs | solana_web3.js | Match | 1.85.0
solana-labs | solana_web3.js | Match | 1.84.0
solana-labs | solana_web3.js | Match | 1.83.0
solana-labs | solana_web3.js | Match | 1.82.0
solana-labs | solana_web3.js | Match | 1.81.0
solana-labs | solana_web3.js | Match | 1.80.0
solana-labs | solana_web3.js | Match | 1.79.0
solana-labs | solana_web3.js | Range | 1.78 1.78.8
solana-labs | solana_web3.js | Range | 1.77 1.77.4
solana-labs | solana_web3.js | Match | 1.76.0
solana-labs | solana_web3.js | Match | 1.75.0
solana-labs | solana_web3.js | Match | 1.74.0
solana-labs | solana_web3.js | Range | 1.73.0 1.73.5
solana-labs | solana_web3.js | Match | 1.72.0
solana-labs | solana_web3.js | Match | 1.71.0
solana-labs | solana_web3.js | Range | 1.70.0 1.70.4
solana-labs | solana_web3.js | Match | 1.69.0
solana-labs | solana_web3.js | Range | 1.68.0 1.68.2
solana-labs | solana_web3.js | Range | 1.67.0 1.67.3
solana-labs | solana_web3.js | Range | 1.66.0 1.66.6
solana-labs | solana_web3.js | Match | 1.65.0
solana-labs | solana_web3.js | Match | 1.64.0
solana-labs | solana_web3.js | Range | 1.63.0 1.63.2
solana-labs | solana_web3.js | Range | 1.62.0 1.62.2
solana-labs | solana_web3.js | Range | 1.61.0 1.61.2
solana-labs | solana_web3.js | Match | 1.60.0
solana-labs | solana_web3.js | Range | 1.59.0 1.59.2
solana-labs | solana_web3.js | Match | 1.58.0
solana-labs | solana_web3.js | Match | 1.57.0
solana-labs | solana_web3.js | Range | 1.56.0 1.56.3
solana-labs | solana_web3.js | Match | 1.55.0
solana-labs | solana_web3.js | Range | 1.54.0 1.54.2
solana-labs | solana_web3.js | Match | 1.53.0
solana-labs | solana_web3.js | Match | 1.52.0
solana-labs | solana_web3.js | Match | 1.51.0
solana-labs | solana_web3.js | Range | 1.50.0 1.50.2
solana-labs | solana_web3.js | Match | 1.49.0
solana-labs | solana_web3.js | Match | 1.48.0
solana-labs | solana_web3.js | Range | 1.47.0 1.47.5
solana-labs | solana_web3.js | Match | 1.46.0
solana-labs | solana_web3.js | Match | 1.45.0
solana-labs | solana_web3.js | Range | 1.44.0 1.44.4
solana-labs | solana_web3.js | Range | 1.43.0 1.43.7
solana-labs | solana_web3.js | Match | 1.42.0
solana-labs | solana_web3.js | Range | 1.41.0 1.41.11
solana-labs | solana_web3.js | Range | 1.40.0 1.40.2
solana-labs | solana_web3.js | Range | 1.39.0 1.39.2
solana-labs | solana_web3.js | Match | 1.38.0
solana-labs | solana_web3.js | Range | 1.37.0 1.37.3
solana-labs | solana_web3.js | Match | 1.36.0
solana-labs | solana_web3.js | Range | 1.35.0 1.35.2
solana-labs | solana_web3.js | Match | 1.34.0
solana-labs | solana_web3.js | Match | 1.33.0
solana-labs | solana_web3.js | Range | 1.32.0 1.32.2
solana-labs | solana_web3.js | Match | 1.31.0
solana-labs | solana_web3.js | Range | 1.30.0 1.30.3
solana-labs | solana_web3.js | Range | 1.29.0 1.29.4
solana-labs | solana_web3.js | Match | 1.28.0
solana-labs | solana_web3.js | Match | 1.27.0
solana-labs | solana_web3.js | Match | 1.26.0
solana-labs | solana_web3.js | Match | 1.25.0
solana-labs | solana_web3.js | Range | 1.24.0 1.24.3
solana-labs | solana_web3.js | Match | 1.23.0
solana-labs | solana_web3.js | Match | 1.22.0
solana-labs | solana_web3.js | Match | 1.21.0
solana-labs | solana_web3.js | Range | 1.20.0 1.20.3
solana-labs | solana_web3.js | Match | 1.19.0
solana-labs | solana_web3.js | Match | 1.18.0
solana-labs | solana_web3.js | Match | 1.17.0
solana-labs | solana_web3.js | Range | 1.16.0 1.16.2
solana-labs | solana_web3.js | Match | 1.15.0
solana-labs | solana_web3.js | Match | 1.14.0
solana-labs | solana_web3.js | Match | 1.13.0
solana-labs | solana_web3.js | Match | 1.12.0
solana-labs | solana_web3.js | Match | 1.11.0
solana-labs | solana_web3.js | Range | 1.10.0 1.10.2
solana-labs | solana_web3.js | Range | 1.9.0 1.9.2
solana-labs | solana_web3.js | Match | 1.8.0
solana-labs | solana_web3.js | Range | 1.7.0 1.7.2
solana-labs | solana_web3.js | Match | 1.6.0
solana-labs | solana_web3.js | Match | 1.5.0
solana-labs | solana_web3.js | Match | 1.4.0
solana-labs | solana_web3.js | Match | 1.3.0
solana-labs | solana_web3.js | Range | 1.2.0 1.2.8
solana-labs | solana_web3.js | Range | 1.1.0 1.1.2
solana-labs | solana_web3.js | Range | <1.0.1

CNA Affected

[
  {
    "vendor": "solana-labs",
    "product": "solana-web3.js",
    "versions": [
      {
        "version": ">= 1.91.0, < 1.91.3",
        "status": "affected"
      },
      {
        "version": ">= 1.90, < 1.90.2",
        "status": "affected"
      },
      {
        "version": ">= 1.89, < 1.89.2",
        "status": "affected"
      },
      {
        "version": "= 1.88.0",
        "status": "affected"
      },
      {
        "version": ">=1.87.0, < 1.87.7",
        "status": "affected"
      },
      {
        "version": "= 1.86.0",
        "status": "affected"
      },
      {
        "version": "= 1.85.0",
        "status": "affected"
      },
      {
        "version": "= 1.84.0",
        "status": "affected"
      },
      {
        "version": "= 1.83.0",
        "status": "affected"
      },
      {
        "version": "= 1.82.0",
        "status": "affected"
      },
      {
        "version": "= 1.81.0",
        "status": "affected"
      },
      {
        "version": "= 1.80.0",
        "status": "affected"
      },
      {
        "version": "= 1.79.0",
        "status": "affected"
      },
      {
        "version": ">= 1.78, < 1.78.8",
        "status": "affected"
      },
      {
        "version": ">= 1.77, < 1.77.4",
        "status": "affected"
      },
      {
        "version": "= 1.76.0",
        "status": "affected"
      },
      {
        "version": "= 1.75.0",
        "status": "affected"
      },
      {
        "version": "= 1.74.0",
        "status": "affected"
      },
      {
        "version": ">= 1.73.0, < 1.73.5",
        "status": "affected"
      },
      {
        "version": "= 1.72.0",
        "status": "affected"
      },
      {
        "version": "= 1.71.0",
        "status": "affected"
      },
      {
        "version": ">= 1.70.0, < 1.70.4",
        "status": "affected"
      },
      {
        "version": "= 1.69.0",
        "status": "affected"
      },
      {
        "version": ">= 1.68.0, < 1.68.2",
        "status": "affected"
      },
      {
        "version": ">= 1.67.0, < 1.67.3",
        "status": "affected"
      },
      {
        "version": ">= 1.66.0, < 1.66.6",
        "status": "affected"
      },
      {
        "version": "= 1.65.0",
        "status": "affected"
      },
      {
        "version": "= 1.64.0",
        "status": "affected"
      },
      {
        "version": ">= 1.63.0, < 1.63.2",
        "status": "affected"
      },
      {
        "version": ">= 1.62.0, < 1.62.2",
        "status": "affected"
      },
      {
        "version": ">= 1.61.0, < 1.61.2",
        "status": "affected"
      },
      {
        "version": "= 1.60.0",
        "status": "affected"
      },
      {
        "version": ">= 1.59.0, < 1.59.2",
        "status": "affected"
      },
      {
        "version": "= 1.58.0",
        "status": "affected"
      },
      {
        "version": "= 1.57.0",
        "status": "affected"
      },
      {
        "version": ">= 1.56.0, < 1.56.3",
        "status": "affected"
      },
      {
        "version": "= 1.55.0",
        "status": "affected"
      },
      {
        "version": ">= 1.54.0, < 1.54.2",
        "status": "affected"
      },
      {
        "version": "= 1.53.0",
        "status": "affected"
      },
      {
        "version": "= 1.52.0",
        "status": "affected"
      },
      {
        "version": "= 1.51.0",
        "status": "affected"
      },
      {
        "version": ">= 1.50.0, < 1.50.2",
        "status": "affected"
      },
      {
        "version": "= 1.49.0",
        "status": "affected"
      },
      {
        "version": "= 1.48.0",
        "status": "affected"
      },
      {
        "version": ">= 1.47.0, < 1.47.5",
        "status": "affected"
      },
      {
        "version": "= 1.46.0",
        "status": "affected"
      },
      {
        "version": "= 1.45.0",
        "status": "affected"
      },
      {
        "version": ">= 1.44.0, < 1.44.4",
        "status": "affected"
      },
      {
        "version": ">= 1.43.0, < 1.43.7",
        "status": "affected"
      },
      {
        "version": "= 1.42.0",
        "status": "affected"
      },
      {
        "version": ">= 1.41.0, < 1.41.11",
        "status": "affected"
      },
      {
        "version": ">= 1.40.0, < 1.40.2",
        "status": "affected"
      },
      {
        "version": ">= 1.39.0, < 1.39.2",
        "status": "affected"
      },
      {
        "version": "= 1.38.0",
        "status": "affected"
      },
      {
        "version": ">= 1.37.0, < 1.37.3",
        "status": "affected"
      },
      {
        "version": "= 1.36.0",
        "status": "affected"
      },
      {
        "version": ">= 1.35.0, < 1.35.2",
        "status": "affected"
      },
      {
        "version": "= 1.34.0",
        "status": "affected"
      },
      {
        "version": "= 1.33.0",
        "status": "affected"
      },
      {
        "version": ">= 1.32.0, < 1.32.2",
        "status": "affected"
      },
      {
        "version": "= 1.31.0",
        "status": "affected"
      },
      {
        "version": ">= 1.30.0, < 1.30.3",
        "status": "affected"
      },
      {
        "version": ">= 1.29.0, < 1.29.4",
        "status": "affected"
      },
      {
        "version": "= 1.28.0",
        "status": "affected"
      },
      {
        "version": "= 1.27.0",
        "status": "affected"
      },
      {
        "version": "= 1.26.0",
        "status": "affected"
      },
      {
        "version": "= 1.25.0",
        "status": "affected"
      },
      {
        "version": ">= 1.24.0, < 1.24.3",
        "status": "affected"
      },
      {
        "version": "= 1.23.0",
        "status": "affected"
      },
      {
        "version": "= 1.22.0",
        "status": "affected"
      },
      {
        "version": "= 1.21.0",
        "status": "affected"
      },
      {
        "version": ">= 1.20.0, < 1.20.3",
        "status": "affected"
      },
      {
        "version": "= 1.19.0",
        "status": "affected"
      },
      {
        "version": "= 1.18.0",
        "status": "affected"
      },
      {
        "version": "= 1.17.0",
        "status": "affected"
      },
      {
        "version": ">= 1.16.0, < 1.16.2",
        "status": "affected"
      },
      {
        "version": "= 1.15.0",
        "status": "affected"
      },
      {
        "version": "= 1.14.0",
        "status": "affected"
      },
      {
        "version": "= 1.13.0",
        "status": "affected"
      },
      {
        "version": "= 1.12.0",
        "status": "affected"
      },
      {
        "version": "= 1.11.0",
        "status": "affected"
      },
      {
        "version": ">= 1.10.0, < 1.10.2",
        "status": "affected"
      },
      {
        "version": " >= 1.9.0, < 1.9.2",
        "status": "affected"
      },
      {
        "version": "= 1.8.0",
        "status": "affected"
      },
      {
        "version": ">= 1.7.0, < 1.7.2",
        "status": "affected"
      },
      {
        "version": "= 1.6.0",
        "status": "affected"
      },
      {
        "version": "= 1.5.0",
        "status": "affected"
      },
      {
        "version": "= 1.4.0",
        "status": "affected"
      },
      {
        "version": "= 1.3.0",
        "status": "affected"
      },
      {
        "version": ">= 1.2.0, < 1.2.8",
        "status": "affected"
      },
      {
        "version": ">= 1.1.0, < 1.1.2",
        "status": "affected"
      },
      {
        "version": "< 1.0.1",
        "status": "affected"
      }
    ]
  }
]
