CVE-2024-38375

Source
https://cve.org/CVERecord?id=CVE-2024-38375
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38375.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-38375
Aliases
Published
2024-06-26T18:46:12.471Z
Modified
2026-03-14T12:34:47.081937Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H CVSS Calculator
Summary
@fastly/js-compute use-after-free in some host call implementations
Details

@fastly/js-compute is a JavaScript SDK and runtime for building Fastly Compute applications. The implementations of several host call functions were found to contain a use-after-free bug (CWE-416). This bug could cause unintended data loss if the result of any of the affected functions was sent anywhere else, and it often results in a guest trap that causes services to return a 500. The bug has been fixed in version 3.16.0 of the @fastly/js-compute package.

Database specific
{
    "cwe_ids": [
        "CWE-416"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/38xxx/CVE-2024-38375.json"
}
References

Affected packages

Git / github.com/fastly/js-compute-runtime

Affected ranges

Type
GIT
Repo
https://github.com/fastly/js-compute-runtime
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/fastly/js-compute-runtime
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other
dev
v0.*
v0.1.0
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.3.0
v0.4.0
v0.5.0
v0.5.10
v0.5.11
v0.5.12
v0.5.13
v0.5.14
v0.5.15
v0.5.2
v0.5.3
v0.5.5
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.7.0
v1.*
v1.0.0
v1.0.1
v1.1.0
v1.10.0
v1.10.1
v1.11.0
v1.11.1
v1.11.2
v1.12.0
v1.13.0
v1.2.0
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.4.0
v1.4.1
v1.4.2
v1.5.0
v1.5.1
v1.5.2
v1.6.0
v1.7.0
v1.7.1
v1.8.0
v1.8.1
v1.9.0
v2.*
v2.0.0
v2.0.1
v2.0.2
v2.1.0
v2.2.0
v2.2.1
v2.3.0
v2.4.0
v2.5.0
v3.*
v3.0.0
v3.1.0
v3.1.1
v3.10.0
v3.11.0
v3.12.0
v3.12.1
v3.13.0
v3.13.1
v3.14.0
v3.14.1
v3.14.2
v3.15.0
v3.2.0
v3.2.1
v3.3.0
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.4.0
v3.5.0
v3.6.0
v3.6.1
v3.6.2
v3.7.0
v3.7.1
v3.7.2
v3.7.3
v3.8.0
v3.8.1
v3.8.2
v3.8.3
v3.9.0
v3.9.1

Database specific

vanir_signatures
[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "213375228911496011284048462469818416530",
                "15839923401657979613890299177309647967",
                "229020629453698824424268211530371245241",
                "58735036091239992543763559616450337966",
                "157838897318592531097021253735612307766",
                "170789445151969746844077421026136048934",
                "88790723601321382052723622227154552231",
                "98724536703323644889737119078589859233",
                "253690686299740864689963887841570106376",
                "228814143152336153075470524208128371147",
                "1427576535806725227276944277058472870",
                "307920445597207937242928224469885499988",
                "154163287063621141470641037470464420296",
                "164633010404636534734185832302112303007",
                "328285654447113466198515749272091285212",
                "339926867952758820917322609174978739803",
                "81891002541257859893963049075193557280",
                "214087406079956514843383559496109855717",
                "291718405784181134169085517903488134892",
                "146795972645045251370256046682894857247",
                "292847464558441208383347684518051101715",
                "276820262617185966707211784959229132770",
                "280115130551846487450343093576309218876",
                "195297439475363290198193800328043899115",
                "209275960213742910898547873068098466545",
                "24737225083269113212052588193051330484",
                "3202093062068446365596141913895009922",
                "162406223611947340341403643611168420685",
                "29054677032466657588918199895196753923",
                "171243014386257846705978285081349906602",
                "124781033276728384626071980206076932262"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2024-38375-065b4c7d",
        "target": {
            "file": "runtime/js-compute-runtime/host_interface/component/fastly_world_adapter.cpp"
        },
        "source": "https://github.com/fastly/js-compute-runtime/commit/4e16641ef4e159c4a11b500ac861b8fa8d9ff5d3"
    },
    {
        "digest": {
            "length": 482.0,
            "function_hash": "234919812295901918094339412678780029092"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2024-38375-16baabc7",
        "target": {
            "function": "fastly_compute_at_edge_http_req_downstream_tls_client_hello",
            "file": "runtime/js-compute-runtime/host_interface/component/fastly_world_adapter.cpp"
        },
        "source": "https://github.com/fastly/js-compute-runtime/commit/4e16641ef4e159c4a11b500ac861b8fa8d9ff5d3"
    },
    {
        "digest": {
            "length": 675.0,
            "function_hash": "180345000339405095981612431345438191176"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2024-38375-2eaad5ae",
        "target": {
            "function": "fastly_compute_at_edge_device_detection_lookup",
            "file": "runtime/fastly/host-api/component/fastly_world_adapter.cpp"
        },
        "source": "https://github.com/fastly/js-compute-runtime/commit/4e16641ef4e159c4a11b500ac861b8fa8d9ff5d3"
    },
    {
        "digest": {
            "length": 568.0,
            "function_hash": "254591547660798199369633847213337185883"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2024-38375-352d1a36",
        "target": {
            "function": "fastly_compute_at_edge_cache_get_user_metadata",
            "file": "runtime/fastly/host-api/component/fastly_world_adapter.cpp"
        },
        "source": "https://github.com/fastly/js-compute-runtime/commit/4e16641ef4e159c4a11b500ac861b8fa8d9ff5d3"
    },
    {
        "digest": {
            "length": 539.0,
            "function_hash": "124729098453303865489508925412105561727"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2024-38375-47f8664e",
        "target": {
            "function": "fastly_compute_at_edge_http_req_downstream_tls_protocol",
            "file": "runtime/js-compute-runtime/host_interface/component/fastly_world_adapter.cpp"
        },
        "source": "https://github.com/fastly/js-compute-runtime/commit/4e16641ef4e159c4a11b500ac861b8fa8d9ff5d3"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "213375228911496011284048462469818416530",
                "15839923401657979613890299177309647967",
                "229020629453698824424268211530371245241",
                "58735036091239992543763559616450337966",
                "157838897318592531097021253735612307766",
                "170789445151969746844077421026136048934",
                "88790723601321382052723622227154552231",
                "98724536703323644889737119078589859233",
                "253690686299740864689963887841570106376",
                "228814143152336153075470524208128371147",
                "1427576535806725227276944277058472870",
                "307920445597207937242928224469885499988",
                "154163287063621141470641037470464420296",
                "164633010404636534734185832302112303007",
                "328285654447113466198515749272091285212",
                "339926867952758820917322609174978739803",
                "81891002541257859893963049075193557280",
                "214087406079956514843383559496109855717",
                "291718405784181134169085517903488134892",
                "146795972645045251370256046682894857247",
                "292847464558441208383347684518051101715",
                "276820262617185966707211784959229132770",
                "280115130551846487450343093576309218876",
                "195297439475363290198193800328043899115",
                "209275960213742910898547873068098466545",
                "24737225083269113212052588193051330484",
                "3202093062068446365596141913895009922",
                "162406223611947340341403643611168420685",
                "29054677032466657588918199895196753923",
                "171243014386257846705978285081349906602",
                "124781033276728384626071980206076932262"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2024-38375-48f01032",
        "target": {
            "file": "runtime/fastly/host-api/component/fastly_world_adapter.cpp"
        },
        "source": "https://github.com/fastly/js-compute-runtime/commit/4e16641ef4e159c4a11b500ac861b8fa8d9ff5d3"
    },
    {
        "digest": {
            "length": 450.0,
            "function_hash": "48809108653870121712457795961081952439"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2024-38375-50745c30",
        "target": {
            "function": "fastly_compute_at_edge_http_req_downstream_tls_ja3_md5",
            "file": "runtime/js-compute-runtime/host_interface/component/fastly_world_adapter.cpp"
        },
        "source": "https://github.com/fastly/js-compute-runtime/commit/4e16641ef4e159c4a11b500ac861b8fa8d9ff5d3"
    },
    {
        "digest": {
            "length": 568.0,
            "function_hash": "254591547660798199369633847213337185883"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2024-38375-53dd6d86",
        "target": {
            "function": "fastly_compute_at_edge_cache_get_user_metadata",
            "file": "runtime/js-compute-runtime/host_interface/component/fastly_world_adapter.cpp"
        },
        "source": "https://github.com/fastly/js-compute-runtime/commit/4e16641ef4e159c4a11b500ac861b8fa8d9ff5d3"
    },
    {
        "digest": {
            "length": 503.0,
            "function_hash": "114757806373549105925203724658642501047"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2024-38375-6d2e23d4",
        "target": {
            "function": "fastly_compute_at_edge_http_req_downstream_tls_raw_client_certificate",
            "file": "runtime/fastly/host-api/component/fastly_world_adapter.cpp"
        },
        "source": "https://github.com/fastly/js-compute-runtime/commit/4e16641ef4e159c4a11b500ac861b8fa8d9ff5d3"
    },
    {
        "digest": {
            "length": 450.0,
            "function_hash": "48809108653870121712457795961081952439"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2024-38375-81bc4459",
        "target": {
            "function": "fastly_compute_at_edge_http_req_downstream_tls_ja3_md5",
            "file": "runtime/fastly/host-api/component/fastly_world_adapter.cpp"
        },
        "source": "https://github.com/fastly/js-compute-runtime/commit/4e16641ef4e159c4a11b500ac861b8fa8d9ff5d3"
    },
    {
        "digest": {
            "length": 675.0,
            "function_hash": "180345000339405095981612431345438191176"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2024-38375-8d470d89",
        "target": {
            "function": "fastly_compute_at_edge_device_detection_lookup",
            "file": "runtime/js-compute-runtime/host_interface/component/fastly_world_adapter.cpp"
        },
        "source": "https://github.com/fastly/js-compute-runtime/commit/4e16641ef4e159c4a11b500ac861b8fa8d9ff5d3"
    },
    {
        "digest": {
            "length": 503.0,
            "function_hash": "114757806373549105925203724658642501047"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2024-38375-93969509",
        "target": {
            "function": "fastly_compute_at_edge_http_req_downstream_tls_raw_client_certificate",
            "file": "runtime/js-compute-runtime/host_interface/component/fastly_world_adapter.cpp"
        },
        "source": "https://github.com/fastly/js-compute-runtime/commit/4e16641ef4e159c4a11b500ac861b8fa8d9ff5d3"
    },
    {
        "digest": {
            "length": 482.0,
            "function_hash": "234919812295901918094339412678780029092"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2024-38375-a2fda06d",
        "target": {
            "function": "fastly_compute_at_edge_http_req_downstream_tls_client_hello",
            "file": "runtime/fastly/host-api/component/fastly_world_adapter.cpp"
        },
        "source": "https://github.com/fastly/js-compute-runtime/commit/4e16641ef4e159c4a11b500ac861b8fa8d9ff5d3"
    },
    {
        "digest": {
            "length": 562.0,
            "function_hash": "256581111348851229993918972378523127579"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2024-38375-bbfdb030",
        "target": {
            "function": "fastly_compute_at_edge_http_req_downstream_tls_cipher_openssl_name",
            "file": "runtime/js-compute-runtime/host_interface/component/fastly_world_adapter.cpp"
        },
        "source": "https://github.com/fastly/js-compute-runtime/commit/4e16641ef4e159c4a11b500ac861b8fa8d9ff5d3"
    },
    {
        "digest": {
            "length": 562.0,
            "function_hash": "256581111348851229993918972378523127579"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2024-38375-d46165f1",
        "target": {
            "function": "fastly_compute_at_edge_http_req_downstream_tls_cipher_openssl_name",
            "file": "runtime/fastly/host-api/component/fastly_world_adapter.cpp"
        },
        "source": "https://github.com/fastly/js-compute-runtime/commit/4e16641ef4e159c4a11b500ac861b8fa8d9ff5d3"
    },
    {
        "digest": {
            "length": 539.0,
            "function_hash": "124729098453303865489508925412105561727"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2024-38375-d6891bb7",
        "target": {
            "function": "fastly_compute_at_edge_http_req_downstream_tls_protocol",
            "file": "runtime/fastly/host-api/component/fastly_world_adapter.cpp"
        },
        "source": "https://github.com/fastly/js-compute-runtime/commit/4e16641ef4e159c4a11b500ac861b8fa8d9ff5d3"
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38375.json"