CVE-2024-29900

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-29900
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-29900.json
Aliases
Published
2024-03-29T16:15:08Z
Modified
2024-04-01T07:00:42.713729Z
Details

Electron Packager bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready for distribution. A random segment of ~1-10kb of Node.js heap memory allocated either side of a known buffer will be leaked into the final executable. This memory could contain sensitive information such as environment variables, secrets files, etc. This issue is patched in 18.3.1.

References

Affected packages

Git / github.com/electron/packager

Affected ranges

Type
GIT
Repo
https://github.com/electron/packager
Events
Introduced
0The exact introduced commit is unknown
Fixed

Affected versions

v1.*

v1.1.0
v1.2.0

v10.*

v10.0.0
v10.1.0
v10.1.1
v10.1.2

v11.*

v11.0.0
v11.0.1
v11.1.0
v11.2.0

v12.*

v12.0.0
v12.0.1
v12.0.2
v12.1.0
v12.1.1
v12.1.2
v12.2.0

v13.*

v13.0.0
v13.0.1
v13.1.0
v13.1.1

v14.*

v14.0.0
v14.0.1
v14.0.2
v14.0.3
v14.0.4
v14.0.5
v14.0.6
v14.1.0
v14.1.1
v14.2.0
v14.2.1

v15.*

v15.0.0
v15.1.0
v15.2.0
v15.3.0
v15.4.0
v15.5.0
v15.5.1
v15.5.2

v16.*

v16.0.0

v17.*

v17.0.0
v17.1.0
v17.1.1
v17.1.2

v18.*

v18.0.0
v18.1.0
v18.1.1
v18.1.2
v18.1.3
v18.2.0
v18.3.0

v2.*

v2.0.0
v2.1.0
v2.1.1

v3.*

v3.0.0
v3.1.0
v3.2.0
v3.3.0
v3.4.0

v4.*

v4.0.0
v4.0.1
v4.0.2
v4.0.3
v4.1.0
v4.1.1
v4.1.2
v4.1.3
v4.2.0

v5.*

v5.0.0
v5.0.1
v5.0.2
v5.1.0
v5.1.1
v5.2.1

v6.*

v6.0.0
v6.0.1
v6.0.2

v7.*

v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.1.0
v7.2.0
v7.3.0
v7.4.0
v7.5.0
v7.5.1
v7.6.0
v7.7.0

v8.*

v8.0.0
v8.1.0
v8.2.0
v8.3.0
v8.4.0
v8.5.0
v8.5.1
v8.5.2
v8.6.0
v8.7.0

v9.*

v9.0.0
v9.0.1
v9.1.0