CVE-2022-25345

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-25345

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25345.json

Aliases

GHSA-rvgf-69j7-xh78
SNYK-JS-DISCORDJSOPUS-2403100

Published

2022-06-17T20:15:10Z

Modified

2023-11-08T04:08:46.481780Z

Details

All versions of package @discordjs/opus are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash.

References

https://snyk.io/vuln/SNYK-JS-DISCORDJSOPUS-2403100
https://github.com/discordjs/opus/blob/3ca4341ffdd81cf83cec57045e59e228e6017590/src/node-opus.cc%23L28

Affected packages

Alpine:v3.18 / opus

Package

Name: opus

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0