Lucene search
GoogleOSV:GHSA-9F24-JQHM-JFCWHistoryFeb 16, 2024 - 3:59 p.m.
fetch(url) leads to a memory leak in undici
2024-02-1615:59:38
Google
osv.dev
4
undici
memory leak
fetch
url
software
patches
v6.6.1
workarounds
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.7%
Impact
Calling fetch(url) and not consuming the incoming body ((or consuming it very slowing) will lead to a memory leak.
Patches
Patched in v6.6.1
Workarounds
Make sure to always consume the incoming body.
References
Related
nvd
nvd
CVE-2024-24750
2024-02-16 22:15:07
prion
prion
Memory corruption
2024-02-16 22:15:00
debiancve
debiancve
CVE-2024-24750
2024-02-16 22:15:07
cve
cve
CVE-2024-24750
2024-02-16 22:15:07
github
github
fetch(url) leads to a memory leak in undici
2024-02-16 15:59:38
osv
osv
CVE-2024-24750
2024-02-16 22:15:07
redhatcve
redhatcve
CVE-2024-24750
2024-02-18 11:49:30
ubuntucve
ubuntucve
CVE-2024-24750
2024-02-16 00:00:00
cvelist
cvelist
CVE-2024-24750 Backpressure request ignored in fetch() in Undici
2024-02-16 21:42:29
veracode
veracode
Denial Of Service (DoS)
2024-02-19 06:11:39
ibm
ibm
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.7%
Related for OSV:GHSA-9F24-JQHM-JFCW