CVE-2024-21526

All versions of the package speaker are vulnerable to Denial of Service (DoS) when providing unexpected input types to the channels property of the Speaker object makes it possible to reach an assert macro. Exploiting this vulnerability can lead to a process crash.
Configurations

No configuration.

History

21 Nov 2024, 08:54

Type Values Removed Values Added
References () https://github.com/TooTallNate/node-speaker/blob/316afff5a393fce438cf7296011fcfc6e12aa9dc/src/binding.c%23L48 - () https://github.com/TooTallNate/node-speaker/blob/316afff5a393fce438cf7296011fcfc6e12aa9dc/src/binding.c%23L48 -
References () https://security.snyk.io/vuln/SNYK-JS-SPEAKER-6370676 - () https://security.snyk.io/vuln/SNYK-JS-SPEAKER-6370676 -

11 Jul 2024, 15:05

Type Values Removed Values Added
CWE CWE-241

11 Jul 2024, 13:05

Type Values Removed Values Added
Summary
  • (es) Todas las versiones del paquete Speaker son vulnerables a la denegación de servicio (DoS) cuando se proporcionan tipos de entrada inesperados a la propiedad de canales del objeto Speaker hace posible alcanzar una macro de afirmación. La explotación de esta vulnerabilidad puede provocar un fallo del proceso.

10 Jul 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-10 05:15

Updated : 2024-11-21 08:54


NVD link : CVE-2024-21526

Mitre link : CVE-2024-21526

CVE.ORG link : CVE-2024-21526


JSON object : View

Products Affected

No product.

CWE
CWE-400

Uncontrolled Resource Consumption

CWE-241

Improper Handling of Unexpected Data Type