CVE-2023-28445

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-28445
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-28445.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-28445
Aliases
Published
2023-03-24T00:15:15Z
Modified
2024-09-03T04:27:29.066034Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild, as the only version affected is Deno 1.32.0. Deno Deploy users are not affected. The problem has been resolved by disabling resizable ArrayBuffers temporarily in Deno 1.32.1. Deno 1.32.2 will re-enable resizable ArrayBuffers with a proper fix. As a workaround, run with --v8-flags=--no-harmony-rab-gsab to disable resizable ArrayBuffers.

References

Affected packages

Git / github.com/denoland/deno_std

Affected ranges

Type
GIT
Repo
https://github.com/denoland/deno_std
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected

Affected versions

0.*

0.85.0
0.86.0
0.87.0

Other

20190516
20190520

v0.*

v0.1.11
v0.1.12
v0.10.0
v0.11.0
v0.12.0
v0.15.0
v0.16.0
v0.17.0
v0.18.0
v0.19.0
v0.2.0
v0.2.1
v0.2.10
v0.2.11
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.2.7
v0.2.8
v0.2.9
v0.20.0
v0.3.0
v0.3.1
v0.3.10
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.3.6
v0.3.8
v0.4.0
v0.5.0
v0.6.0
v0.7.0
v0.8.0
v0.9.0