GSD-2024-30253
Vulnerability from gsd - Updated: 2024-04-03 05:02Details
@solana/web3.js is the Solana JavaScript SDK. Using particular inputs with `@solana/web3.js` will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with `@solana/web3.js`, your application/service may crash, resulting in a loss of availability. This vulnerability is fixed in 1.0.1, 1.10.2, 1.11.1, 1.12.1, 1.1.2, 1.13.1, 1.14.1, 1.15.1, 1.16.2, 1.17.1, 1.18.1, 1.19.1, 1.20.3, 1.21.1, 1.22.1, 1.23.1, 1.24.3, 1.25.1, 1.26.1, 1.27.1, 1.28.1, 1.2.8, 1.29.4, 1.30.3, 1.31.1, 1.3.1, 1.32.3, 1.33.1, 1.34.1, 1.35.2, 1.36.1, 1.37.3, 1.38.1, 1.39.2, 1.40.2, 1.41.11, 1.4.1, 1.42.1, 1.43.7, 1.44.4, 1.45.1, 1.46.1, 1.47.5, 1.48.1, 1.49.1, 1.50.2, 1.51.1, 1.5.1, 1.52.1, 1.53.1, 1.54.2, 1.55.1, 1.56.3, 1.57.1, 1.58.1, 1.59.2, 1.60.1, 1.61.2, 1.6.1, 1.62.2, 1.63.2, 1.64.1, 1.65.1, 1.66.6, 1.67.3, 1.68.2, 1.69.1, 1.70.4, 1.71.1, 1.72.1, 1.7.2, 1.73.5, 1.74.1, 1.75.1, 1.76.1, 1.77.4, 1.78.8, 1.79.1, 1.80.1, 1.81.1, 1.8.1, 1.82.1, 1.83.1, 1.84.1, 1.85.1, 1.86.1, 1.87.7, 1.88.1, 1.89.2, 1.90.2, 1.9.2, and 1.91.3.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-30253"
],
"details": "@solana/web3.js is the Solana JavaScript SDK. Using particular inputs with `@solana/web3.js` will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with `@solana/web3.js`, your application/service may crash, resulting in a loss of availability. This vulnerability is fixed in 1.0.1, 1.10.2, 1.11.1, 1.12.1, 1.1.2, 1.13.1, 1.14.1, 1.15.1, 1.16.2, 1.17.1, 1.18.1, 1.19.1, 1.20.3, 1.21.1, 1.22.1, 1.23.1, 1.24.3, 1.25.1, 1.26.1, 1.27.1, 1.28.1, 1.2.8, 1.29.4, 1.30.3, 1.31.1, 1.3.1, 1.32.3, 1.33.1, 1.34.1, 1.35.2, 1.36.1, 1.37.3, 1.38.1, 1.39.2, 1.40.2, 1.41.11, 1.4.1, 1.42.1, 1.43.7, 1.44.4, 1.45.1, 1.46.1, 1.47.5, 1.48.1, 1.49.1, 1.50.2, 1.51.1, 1.5.1, 1.52.1, 1.53.1, 1.54.2, 1.55.1, 1.56.3, 1.57.1, 1.58.1, 1.59.2, 1.60.1, 1.61.2, 1.6.1, 1.62.2, 1.63.2, 1.64.1, 1.65.1, 1.66.6, 1.67.3, 1.68.2, 1.69.1, 1.70.4, 1.71.1, 1.72.1, 1.7.2, 1.73.5, 1.74.1, 1.75.1, 1.76.1, 1.77.4, 1.78.8, 1.79.1, 1.80.1, 1.81.1, 1.8.1, 1.82.1, 1.83.1, 1.84.1, 1.85.1, 1.86.1, 1.87.7, 1.88.1, 1.89.2, 1.90.2, 1.9.2, and 1.91.3.",
"id": "GSD-2024-30253",
"modified": "2024-04-03T05:02:29.237110Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2024-30253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "solana-web3.js",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "\u003e= 1.91.0, \u003c 1.91.3"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.90, \u003c 1.90.2"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.89, \u003c 1.89.2"
},
{
"version_affected": "=",
"version_value": "= 1.88.0"
},
{
"version_affected": "=",
"version_value": "\u003e=1.87.0, \u003c 1.87.7"
},
{
"version_affected": "=",
"version_value": "= 1.86.0"
},
{
"version_affected": "=",
"version_value": "= 1.85.0"
},
{
"version_affected": "=",
"version_value": "= 1.84.0"
},
{
"version_affected": "=",
"version_value": "= 1.83.0"
},
{
"version_affected": "=",
"version_value": "= 1.82.0"
},
{
"version_affected": "=",
"version_value": "= 1.81.0"
},
{
"version_affected": "=",
"version_value": "= 1.80.0"
},
{
"version_affected": "=",
"version_value": "= 1.79.0"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.78, \u003c 1.78.8"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.77, \u003c 1.77.4"
},
{
"version_affected": "=",
"version_value": "= 1.76.0"
},
{
"version_affected": "=",
"version_value": "= 1.75.0"
},
{
"version_affected": "=",
"version_value": "= 1.74.0"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.73.0, \u003c 1.73.5"
},
{
"version_affected": "=",
"version_value": "= 1.72.0"
},
{
"version_affected": "=",
"version_value": "= 1.71.0"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.70.0, \u003c 1.70.4"
},
{
"version_affected": "=",
"version_value": "= 1.69.0"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.68.0, \u003c 1.68.2"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.67.0, \u003c 1.67.3"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.66.0, \u003c 1.66.6"
},
{
"version_affected": "=",
"version_value": "= 1.65.0"
},
{
"version_affected": "=",
"version_value": "= 1.64.0"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.63.0, \u003c 1.63.2"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.62.0, \u003c 1.62.2"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.61.0, \u003c 1.61.2"
},
{
"version_affected": "=",
"version_value": "= 1.60.0"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.59.0, \u003c 1.59.2"
},
{
"version_affected": "=",
"version_value": "= 1.58.0"
},
{
"version_affected": "=",
"version_value": "= 1.57.0"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.56.0, \u003c 1.56.3"
},
{
"version_affected": "=",
"version_value": "= 1.55.0"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.54.0, \u003c 1.54.2"
},
{
"version_affected": "=",
"version_value": "= 1.53.0"
},
{
"version_affected": "=",
"version_value": "= 1.52.0"
},
{
"version_affected": "=",
"version_value": "= 1.51.0"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.50.0, \u003c 1.50.2"
},
{
"version_affected": "=",
"version_value": "= 1.49.0"
},
{
"version_affected": "=",
"version_value": "= 1.48.0"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.47.0, \u003c 1.47.5"
},
{
"version_affected": "=",
"version_value": "= 1.46.0"
},
{
"version_affected": "=",
"version_value": "= 1.45.0"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.44.0, \u003c 1.44.4"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.43.0, \u003c 1.43.7"
},
{
"version_affected": "=",
"version_value": "= 1.42.0"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.41.0, \u003c 1.41.11"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.40.0, \u003c 1.40.2"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.39.0, \u003c 1.39.2"
},
{
"version_affected": "=",
"version_value": "= 1.38.0"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.37.0, \u003c 1.37.3"
},
{
"version_affected": "=",
"version_value": "= 1.36.0"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.35.0, \u003c 1.35.2"
},
{
"version_affected": "=",
"version_value": "= 1.34.0"
},
{
"version_affected": "=",
"version_value": "= 1.33.0"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.32.0, \u003c 1.32.2"
},
{
"version_affected": "=",
"version_value": "= 1.31.0"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.30.0, \u003c 1.30.3"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.29.0, \u003c 1.29.4"
},
{
"version_affected": "=",
"version_value": "= 1.28.0"
},
{
"version_affected": "=",
"version_value": "= 1.27.0"
},
{
"version_affected": "=",
"version_value": "= 1.26.0"
},
{
"version_affected": "=",
"version_value": "= 1.25.0"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.24.0, \u003c 1.24.3"
},
{
"version_affected": "=",
"version_value": "= 1.23.0"
},
{
"version_affected": "=",
"version_value": "= 1.22.0"
},
{
"version_affected": "=",
"version_value": "= 1.21.0"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.20.0, \u003c 1.20.3"
},
{
"version_affected": "=",
"version_value": "= 1.19.0"
},
{
"version_affected": "=",
"version_value": "= 1.18.0"
},
{
"version_affected": "=",
"version_value": "= 1.17.0"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.16.0, \u003c 1.16.2"
},
{
"version_affected": "=",
"version_value": "= 1.15.0"
},
{
"version_affected": "=",
"version_value": "= 1.14.0"
},
{
"version_affected": "=",
"version_value": "= 1.13.0"
},
{
"version_affected": "=",
"version_value": "= 1.12.0"
},
{
"version_affected": "=",
"version_value": "= 1.11.0"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.10.0, \u003c 1.10.2"
},
{
"version_affected": "=",
"version_value": " \u003e= 1.9.0, \u003c 1.9.2"
},
{
"version_affected": "=",
"version_value": "= 1.8.0"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.7.0, \u003c 1.7.2"
},
{
"version_affected": "=",
"version_value": "= 1.6.0"
},
{
"version_affected": "=",
"version_value": "= 1.5.0"
},
{
"version_affected": "=",
"version_value": "= 1.4.0"
},
{
"version_affected": "=",
"version_value": "= 1.3.0"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.2.0, \u003c 1.2.8"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.1.0, \u003c 1.1.2"
},
{
"version_affected": "=",
"version_value": "\u003c 1.0.1"
}
]
}
}
]
},
"vendor_name": "solana-labs"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "@solana/web3.js is the Solana JavaScript SDK. Using particular inputs with `@solana/web3.js` will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with `@solana/web3.js`, your application/service may crash, resulting in a loss of availability. This vulnerability is fixed in 1.0.1, 1.10.2, 1.11.1, 1.12.1, 1.1.2, 1.13.1, 1.14.1, 1.15.1, 1.16.2, 1.17.1, 1.18.1, 1.19.1, 1.20.3, 1.21.1, 1.22.1, 1.23.1, 1.24.3, 1.25.1, 1.26.1, 1.27.1, 1.28.1, 1.2.8, 1.29.4, 1.30.3, 1.31.1, 1.3.1, 1.32.3, 1.33.1, 1.34.1, 1.35.2, 1.36.1, 1.37.3, 1.38.1, 1.39.2, 1.40.2, 1.41.11, 1.4.1, 1.42.1, 1.43.7, 1.44.4, 1.45.1, 1.46.1, 1.47.5, 1.48.1, 1.49.1, 1.50.2, 1.51.1, 1.5.1, 1.52.1, 1.53.1, 1.54.2, 1.55.1, 1.56.3, 1.57.1, 1.58.1, 1.59.2, 1.60.1, 1.61.2, 1.6.1, 1.62.2, 1.63.2, 1.64.1, 1.65.1, 1.66.6, 1.67.3, 1.68.2, 1.69.1, 1.70.4, 1.71.1, 1.72.1, 1.7.2, 1.73.5, 1.74.1, 1.75.1, 1.76.1, 1.77.4, 1.78.8, 1.79.1, 1.80.1, 1.81.1, 1.8.1, 1.82.1, 1.83.1, 1.84.1, 1.85.1, 1.86.1, 1.87.7, 1.88.1, 1.89.2, 1.90.2, 1.9.2, and 1.91.3."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-119",
"lang": "eng",
"value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/solana-labs/solana-web3.js/security/advisories/GHSA-8m45-2rjm-j347",
"refsource": "MISC",
"url": "https://github.com/solana-labs/solana-web3.js/security/advisories/GHSA-8m45-2rjm-j347"
},
{
"name": "https://github.com/solana-labs/solana-web3.js/commit/77d935221a4805107b20b60ae7c1148725e4e2d0",
"refsource": "MISC",
"url": "https://github.com/solana-labs/solana-web3.js/commit/77d935221a4805107b20b60ae7c1148725e4e2d0"
}
]
},
"source": {
"advisory": "GHSA-8m45-2rjm-j347",
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "@solana/web3.js is the Solana JavaScript SDK. Using particular inputs with `@solana/web3.js` will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with `@solana/web3.js`, your application/service may crash, resulting in a loss of availability. This vulnerability is fixed in 1.0.1, 1.10.2, 1.11.1, 1.12.1, 1.1.2, 1.13.1, 1.14.1, 1.15.1, 1.16.2, 1.17.1, 1.18.1, 1.19.1, 1.20.3, 1.21.1, 1.22.1, 1.23.1, 1.24.3, 1.25.1, 1.26.1, 1.27.1, 1.28.1, 1.2.8, 1.29.4, 1.30.3, 1.31.1, 1.3.1, 1.32.3, 1.33.1, 1.34.1, 1.35.2, 1.36.1, 1.37.3, 1.38.1, 1.39.2, 1.40.2, 1.41.11, 1.4.1, 1.42.1, 1.43.7, 1.44.4, 1.45.1, 1.46.1, 1.47.5, 1.48.1, 1.49.1, 1.50.2, 1.51.1, 1.5.1, 1.52.1, 1.53.1, 1.54.2, 1.55.1, 1.56.3, 1.57.1, 1.58.1, 1.59.2, 1.60.1, 1.61.2, 1.6.1, 1.62.2, 1.63.2, 1.64.1, 1.65.1, 1.66.6, 1.67.3, 1.68.2, 1.69.1, 1.70.4, 1.71.1, 1.72.1, 1.7.2, 1.73.5, 1.74.1, 1.75.1, 1.76.1, 1.77.4, 1.78.8, 1.79.1, 1.80.1, 1.81.1, 1.8.1, 1.82.1, 1.83.1, 1.84.1, 1.85.1, 1.86.1, 1.87.7, 1.88.1, 1.89.2, 1.90.2, 1.9.2, and 1.91.3."
},
{
"lang": "es",
"value": "@solana/web3.js es el SDK de JavaScript de Solana. El uso de entradas particulares con `@solana/web3.js` resultar\u00e1 en un agotamiento de la memoria (OOM). Si tiene un servidor, cliente, producto m\u00f3vil o de escritorio que acepta entradas que no son de confianza para usar con `@solana/web3.js`, su aplicaci\u00f3n/servicio puede fallar, lo que resulta en una p\u00e9rdida de disponibilidad. Esta vulnerabilidad se solucion\u00f3 en 1.0.1, 1.10.2, 1.11.1, 1.12.1, 1.1.2, 1.13.1, 1.14.1, 1.15.1, 1.16.2, 1.17.1, 1.18.1, 1.19. .1, 1.20.3, 1.21.1, 1.22.1, 1.23.1, 1.24.3, 1.25.1, 1.26.1, 1.27.1, 1.28.1, 1.2.8, 1.29.4, 1.30.3 , 1.31.1, 1.3.1, 1.32.3, 1.33.1, 1.34.1, 1.35.2, 1.36.1, 1.37.3, 1.38.1, 1.39.2, 1.40.2, 1.41.11, 1.4 .1, 1.42.1, 1.43.7, 1.44.4, 1.45.1, 1.46.1, 1.47.5, 1.48.1, 1.49.1, 1.50.2, 1.51.1, 1.5.1, 1.52.1 , 1.53.1, 1.54.2, 1.55.1, 1.56.3, 1.57.1, 1.58.1, 1.59.2, 1.60.1, 1.61.2, 1.6.1, 1.62.2, 1.63.2, 1.64 .1, 1.65.1, 1.66.6, 1.67.3, 1.68.2, 1.69.1, 1.70.4, 1.71.1, 1.72.1, 1.7.2, 1.73.5, 1.74.1, 1.75.1 , 1.76.1, 1.77.4, 1.78.8, 1.79.1, 1.80.1, 1.81.1, 1.8.1, 1.82.1, 1.83.1, 1.84.1, 1.85.1, 1.86.1, 1.87 .7, 1.88.1, 1.89.2, 1.90.2, 1.9.2 y 1.91.3."
}
],
"id": "CVE-2024-30253",
"lastModified": "2024-04-17T15:31:50.160",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2024-04-17T15:15:07.253",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/solana-labs/solana-web3.js/commit/77d935221a4805107b20b60ae7c1148725e4e2d0"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/solana-labs/solana-web3.js/security/advisories/GHSA-8m45-2rjm-j347"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…