CVE-2024-29900

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-29900

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-29900.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-29900

Aliases

GHSA-34h3-8mw4-qw57

Published

2024-03-29T15:15:45Z

Modified

2025-10-15T09:20:55.365277Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

@electron/packager's build process memory potentially leaked into final executable

Details

Electron Packager bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready for distribution. A random segment of ~1-10kb of Node.js heap memory allocated either side of a known buffer will be leaked into the final executable. This memory could contain sensitive information such as environment variables, secrets files, etc. This issue is patched in 18.3.1.

References

Affected packages

Git / github.com/electron/packager

Affected ranges

Type: GIT
Repo: https://github.com/electron/packager
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

224cc6a28ddfcf4d1a184a25d10833cf153e3bda

Affected versions

v1.*

v1.1.0

v1.2.0

v10.*

v10.0.0

v10.1.0

v10.1.1

v10.1.2

v11.*

v11.0.0

v11.0.1

v11.1.0

v11.2.0

v12.*

v12.0.0

v12.0.1

v12.0.2

v12.1.0

v12.1.1

v12.1.2

v12.2.0

v13.*

v13.0.0

v13.0.1

v13.1.0

v13.1.1

v14.*

v14.0.0

v14.0.1

v14.0.2

v14.0.3

v14.0.4

v14.0.5

v14.0.6

v14.1.0

v14.1.1

v14.2.0

v14.2.1

v15.*

v15.0.0

v15.1.0

v15.2.0

v15.3.0

v15.4.0

v15.5.0

v15.5.1

v15.5.2

v16.*

v16.0.0

v17.*

v17.0.0

v17.1.0

v17.1.1

v17.1.2

v18.*

v18.0.0

v18.1.0

v18.1.1

v18.1.2

v18.1.3

v18.2.0

v18.3.0

v2.*

v2.0.0

v2.1.0

v2.1.1

v3.*

v3.0.0

v3.1.0

v3.2.0

v3.3.0

v3.4.0

v4.*

v4.0.0

v4.0.1

v4.0.2

v4.0.3

v4.1.0

v4.1.1

v4.1.2

v4.1.3

v4.2.0

v5.*

v5.0.0

v5.0.1

v5.0.2

v5.1.0

v5.1.1

v5.2.1

v6.*

v6.0.0

v6.0.1

v6.0.2

v7.*

v7.0.0

v7.0.1

v7.0.2

v7.0.3

v7.0.4

v7.1.0

v7.2.0

v7.3.0

v7.4.0

v7.5.0

v7.5.1

v7.6.0

v7.7.0

v8.*

v8.0.0

v8.1.0

v8.2.0

v8.3.0

v8.4.0

v8.5.0

v8.5.1

v8.5.2

v8.6.0

v8.7.0

v9.*

v9.0.0

v9.0.1

v9.1.0

Git / github.com/electron/packager

Affected ranges

Type: GIT
Repo: https://github.com/electron/packager
Events: Introduced

224cc6a28ddfcf4d1a184a25d10833cf153e3bda

Fixed

d421d4bd3ced889a4143c5c3ab6d95e3be249eee

Affected versions

v18.*

v18.3.0