CVE-2024-21526

{"id": "CVE-2024-21526", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "report@snyk.io", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-07-10T05:15:11.733", "references": [{"url": "https://github.com/TooTallNate/node-speaker/blob/316afff5a393fce438cf7296011fcfc6e12aa9dc/src/binding.c%23L48", "source": "report@snyk.io"}, {"url": "https://security.snyk.io/vuln/SNYK-JS-SPEAKER-6370676", "source": "report@snyk.io"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "report@snyk.io", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-241"}]}], "descriptions": [{"lang": "en", "value": "All versions of the package speaker are vulnerable to Denial of Service (DoS) when providing unexpected input types to the channels property of the Speaker object makes it possible to reach an assert macro. Exploiting this vulnerability can lead to a process crash."}, {"lang": "es", "value": "Todas las versiones del paquete Speaker son vulnerables a la denegaci\u00f3n de servicio (DoS) cuando se proporcionan tipos de entrada inesperados a la propiedad de canales del objeto Speaker hace posible alcanzar una macro de afirmaci\u00f3n. La explotaci\u00f3n de esta vulnerabilidad puede provocar un fallo del proceso."}], "lastModified": "2024-07-11T15:05:20.940", "sourceIdentifier": "report@snyk.io"}