Free Trial

CVE-2024-21524 : NODE-STRINGBUILDER TOBUFFER/TOSTRING/CHARAT OUT-OF-BOUNDS

Description

All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty string value input. It’s possible to return previously allocated memory, for example, by providing negative indexes, leading to an Information Disclosure.

References

https://security.snyk.io/vuln/SNYK-JS-NODESTRINGBUILDER-6421617

https://github.com/magiclen/node-stringbuilder/blob/5c2797d3d6bf8cb6d10fe1e077609cef9a5a7de0/src/node-stringbuilder.c%23L1281

https://gist.github.com/dellalibera/0bb022811224f81d998fa61c3175ee67

For More Information

CVERecord

Common Vulnerabilityies and Exposures

CVE-2024-21524 : NODE-STRINGBUILDER TOBUFFER/TOSTRING/CHARAT OUT-OF-BOUNDS
CVE-2024-21524 : NODE-STRINGBUILDER TOBUFFER/TOSTRING/CHARAT OUT-OF-BOUNDS

Contact us to get started

CVE-2024-49592 : MCAFEE TRIAL INSTALLER 16.0.53 ACCESS CONTROL

CVE-2024-49592 : MCAFEE TRIAL INSTALLER 16.0.53 ACCESS CONTROL

Description McAfee Trial Installer 16.0.53 has Incorrect Access Control that leads to Local Escalation of Privileges. References https://www.mcafee.com/support/s/article/000002516?language=en_US For More

Learn more
CVE-2024-10934 : OPENBSD UP TO 7.4 ERRATA 020/7.5 ERRATA 007 NFS CLIENT/NFS SERVER DOUBLE FREE

CVE-2024-10934 : OPENBSD UP TO 7.4 ERRATA 020/7.5 ERRATA 007 NFS CLIENT/NFS SERVER DOUBLE FREE

Description In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS

Learn more
CVE-2024-40638 : GLPI UP TO 10.0.16 SQL INJECTION

CVE-2024-40638 : GLPI UP TO 10.0.16 SQL INJECTION

Description GLPI is a free asset and IT management software package. An authenticated user can exploit multiple SQL injection vulnerabilities.

Learn more