CRITICAL🇬🇧 English

CVE-2023-28445

CVSS 9.9v3.1pub. 2023-03-24upd. 2024-11-21

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild, as the only version affected is Deno 1.32.0. Deno Deploy users are not affected. The problem has been resolved by disabling resizable ArrayBuffers temporarily in Deno 1.32.1. Deno 1.32.2 will re-enable resizable ArrayBuffers with a proper fix. As a workaround, run with `--v8-flags=--no-harmony-rab-gsab` to disable resizable ArrayBuffers.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Deno

    APP
    Deno
    1.32.0
  • Deno Runtime

    APP
    Deno
    0.102.0
  • Deno Serde V8

    APP
    Deno
    0.87.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-22863CRITICAL9.2PL ✓ten sam produkt

Deno node:crypto — brak finalizacji szyfru umożliwia wielokrotne szyfrowanie

CVE-2022-24783CRITICAL10.0ten sam produkt

Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclu...

CVE-2021-32619CRITICAL9.8ten sam produkt

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. In Deno versions 1.5.0 to 1...

CVE-2026-44726HIGH7.4ten sam produkt

Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.0.0 until 2.7.8, a flaw in Deno's Node.js tl...

CVE-2026-49401HIGH7.3ten sam produkt

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.14, Deno's permission system enforces ...