117 matches found
PT-2026-3092
Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...
EUVD-2018-13756
Malware in sbrugna...
EUVD-2018-13754
Malware in sbrugna...
EUVD-2014-1589
Malware in sbrugna...
EUVD-2021-29818
Malicious code in bioql PyPI...
EUVD-2021-33018
Malicious code in bioql PyPI...
EUVD-2024-2235
Malicious code in bioql PyPI...
CVE-2021-42863
A buffer overflow in ecma_builtin_typedarray_prototype_filter in JerryScript version fe3a5c0 allows an attacker to construct a fake object or a fake arraybuffer with unlimited size...
CVE-2018-21240
An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows memory consumption via an ArrayBuffer(0xfffffffe) call...
CVE-2018-21238
An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows memory consumption via an ArrayBuffer(0xfffffffe) call...
PT-2025-40348
Name of the Vulnerable Software and Affected Versions: Chromium (affected versions not specified). Description: A use-after-free condition exists in V8 when evaluating the compile-time options parameter, which detaches the ArrayBuffer holding the wire bytes. This issue was reported by Google Big Sleep...
Undici vulnerable to data leak when using response.arrayBuffer()
Impact: Depending on network and process conditions of a fetch request, response.arrayBuffer might include a portion of memory from the Node.js process. Patches: This has been patched in v6.19.2. Workarounds: There are no known workarounds. References: https://github.com/nodejs/undici/issues/3337...
GHSA-3G92-W8C5-73PQ Undici vulnerable to data leak when using response.arrayBuffer()
Impact: Depending on network and process conditions of a fetch request, response.arrayBuffer might include a portion of memory from the Node.js process. Patches: This has been patched in v6.19.2. Workarounds: There are no known workarounds. References: https://github.com/nodejs/undici/issues/3337...
Memory Disclosure
Undici is vulnerable to memory leakage. The vulnerability is due to the response.arrayBuffer method, which potentially allows an attacker to expose sensitive portions of memory from the Node.js process, depending on the network and process conditions...
UBUNTU-CVE-2024-38372
Undici is an HTTP/1.1 client, written from scratch for Node.js. Depending on network and process conditions of a fetch request, response.arrayBuffer might include a portion of memory from the Node.js process. This has been patched in v6.19.2...
CVE-2024-38372 Undici vulnerable to data leak when using response.arrayBuffer()
Undici is an HTTP/1.1 client, written from scratch for Node.js. Depending on network and process conditions of a fetch request, response.arrayBuffer might include a portion of memory from the Node.js process. This has been patched in v6.19.2...
CVE-2023-28445 Deno improperly handles resizable ArrayBuffer
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild, as the...
CVE-2023-28445
CVE-2023-28445 affects Deno (Rust-based runtime for JavaScript/TypeScript). The issue arises from resizing ArrayBuffers passed to asynchronous functions that are shrunk during the operation, potentially causing an out-of-bounds read/write. The only affected release is Deno 1.32.0; Deno Deploy is ...
Deno improperly handles resizable ArrayBuffer
Impact: Resizable ArrayBuffers passed to asynchronous native functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild, as the only version affected is Deno 1.32.0. Deno Deploy users are not...