GHSA-c25x-cm9x-qqgx

Source
https://github.com/advisories/GHSA-c25x-cm9x-qqgx
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-c25x-cm9x-qqgx/GHSA-c25x-cm9x-qqgx.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-c25x-cm9x-qqgx
Aliases
Published
2023-03-23T23:13:25Z
Modified
2023-11-08T04:12:11.261571Z
Severity
  • 9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
Deno improperly handles resizable ArrayBuffer
Details

Impact

A resizable ArrayBuffer passed to an asynchronous native function, and then shrunk while that operation is still in progress, could cause an out-of-bounds read or write: the native side continues to use the length the buffer had when the operation started, which no longer matches the buffer's current bounds.

It is unlikely that this has been exploited in the wild, as the only version affected is Deno 1.32.0.

Deno Deploy users are not affected.

Patches

The problem has been resolved by disabling resizable ArrayBuffers temporarily in Deno 1.32.1. A future version of Deno will re-enable resizable ArrayBuffers with a proper fix.

Workarounds

Upgrade to Deno 1.32.1, or run with --v8-flags=--no-harmony-rab-gsab to disable resizable ArrayBuffers. The flag must be passed on every invocation, and it turns the feature off for all scripts in that process, so code that relies on ArrayBuffer.prototype.resize will not have it available.
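The hazard in the Impact section is a time-of-check/time-of-use gap across an await: the native op reads the buffer length once, JavaScript shrinks the buffer while the op is pending, and the op then uses the stale length. The Rust model below is an added example and is not code from Deno, serde_v8 or deno_runtime; the BackingStore type, the during_await callback that stands in for JavaScript running while the op is pending, and both op variants are constructed here. It performs no unchecked write; the vulnerable variant returns the write range it would have used, so the mismatch against the current bounds is visible, and the hardened variant shows the re-validation that a "proper fix" on the native side needs.

```rust
// Added example, not Deno's own code: a minimal model of the
// time-of-check/time-of-use hazard described in this advisory. The backing
// store, the "native op" and the await callback are all constructed here.

/// Model of a resizable ArrayBuffer's backing store: the current length can
/// change (within `max_byte_length`) while a native op is pending.
#[derive(Debug)]
pub struct BackingStore {
    bytes: Vec<u8>,
    max_byte_length: usize,
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct PendingWrite {
    pub offset: usize,
    pub len: usize,
}

#[derive(Debug, PartialEq, Eq)]
pub enum OpError {
    /// The buffer shrank below the length the op was started with.
    Shrunk { requested: usize, now: usize },
    /// A write range does not fit the buffer's current bounds.
    OutOfBounds { end: usize, byte_length: usize },
}

impl BackingStore {
    pub fn new(byte_length: usize, max_byte_length: usize) -> Self {
        assert!(byte_length <= max_byte_length, "initial length exceeds max");
        Self { bytes: vec![0; byte_length], max_byte_length }
    }

    /// Counterpart of ArrayBuffer.prototype.resize(): grow or shrink within max.
    pub fn resize(&mut self, new_len: usize) -> Result<(), String> {
        if new_len > self.max_byte_length {
            return Err(format!("{} exceeds maxByteLength {}", new_len, self.max_byte_length));
        }
        self.bytes.resize(new_len, 0);
        Ok(())
    }

    pub fn byte_length(&self) -> usize {
        self.bytes.len()
    }

    pub fn as_slice(&self) -> &[u8] {
        &self.bytes
    }
}

/// True if `w` lies inside the buffer's *current* bounds (overflow-safe).
pub fn in_bounds(store: &BackingStore, w: &PendingWrite) -> bool {
    w.offset
        .checked_add(w.len)
        .map_or(false, |end| end <= store.byte_length())
}

/// Vulnerable shape: the length is read when the op starts and reused after
/// the await, even though JS may have called resize() in between. The
/// returned plan is the range native code would have written to.
pub fn op_write_stale(
    store: &mut BackingStore,
    during_await: impl FnOnce(&mut BackingStore),
) -> PendingWrite {
    let captured_len = store.byte_length(); // time of check
    during_await(store); // JS runs here and may shrink the buffer
    PendingWrite { offset: 0, len: captured_len } // time of use: stale length
}

/// Hardened shape: re-read the length after the await and refuse to proceed
/// if the buffer no longer covers the range the op was started with.
pub fn op_write_checked(
    store: &mut BackingStore,
    during_await: impl FnOnce(&mut BackingStore),
) -> Result<PendingWrite, OpError> {
    let requested = store.byte_length();
    during_await(store);
    let now = store.byte_length();
    if now < requested {
        return Err(OpError::Shrunk { requested, now });
    }
    Ok(PendingWrite { offset: 0, len: requested })
}

/// Perform the write only if it fits the current bounds; this is the check
/// the stale plan would have skipped.
pub fn commit(store: &mut BackingStore, w: &PendingWrite, fill: u8) -> Result<(), OpError> {
    if !in_bounds(store, w) {
        return Err(OpError::OutOfBounds {
            end: w.offset.saturating_add(w.len),
            byte_length: store.byte_length(),
        });
    }
    store.bytes[w.offset..w.offset + w.len].fill(fill);
    Ok(())
}

fn main() {
    // A 32-byte buffer that JS shrinks to 8 bytes while the op is pending.
    let mut store = BackingStore::new(32, 64);
    let stale = op_write_stale(&mut store, |b| b.resize(8).unwrap());
    println!("stale plan {:?}, in bounds now: {}", stale, in_bounds(&store, &stale));

    let mut store = BackingStore::new(32, 64);
    match op_write_checked(&mut store, |b| b.resize(8).unwrap()) {
        Ok(w) => println!("checked plan {:?}", w),
        Err(e) => println!("checked op refused: {:?}", e),
    }
}
```

The stale variant is the shape to look for when reviewing any native op that holds a pointer-and-length pair across a yield back to JavaScript; growing the buffer is harmless to the captured range, so the hardened check only rejects a shrink.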

Database specific
{
    "nvd_published_at": "2023-03-24T00:15:00Z",
    "github_reviewed_at": "2023-03-23T23:13:25Z",
    "severity": "CRITICAL",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-125",
        "CWE-787"
    ]
}
References

Affected packages

crates.io / Deno
  Affected ranges: SEMVER, introduced 1.32.0, fixed 1.32.1
  Affected versions: 1.32.0

crates.io / serde_v8
  Affected ranges: SEMVER, introduced 0.87.0, fixed 0.88.0
  Affected versions: 0.87.0

crates.io / deno_runtime
  Affected ranges: SEMVER, introduced 0.102.0, fixed 0.103.0
  Affected versions: 0.102.0