CVE-2024-21524 : NODE-STRINGBUILDER TOBUFFER/TOSTRING/CHARAT OUT-OF-BOUNDS

Description

All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty string value input. It’s possible to return previously allocated memory, for example, by providing negative indexes, leading to an Information Disclosure.

References

https://security.snyk.io/vuln/SNYK-JS-NODESTRINGBUILDER-6421617

https://github.com/magiclen/node-stringbuilder/blob/5c2797d3d6bf8cb6d10fe1e077609cef9a5a7de0/src/node-stringbuilder.c%23L1281

https://gist.github.com/dellalibera/0bb022811224f81d998fa61c3175ee67

For More Information

CVERecord

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-12840 : RED HAT SATELLITE HTTP PROXY SERVER-SIDE REQUEST FORGERY

CVE-2024-12840 : RED HAT SATELLITE HTTP PROXY SERVER-SIDE REQUEST FORGERY

Description A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /http_proxies/test_connection, when supplied with

CVE-2024-51466 : IBM COGNOS ANALYTICS UP TO 11.2.4 FP4/12.0.4 EL EXPRESSION LANGUAGE INJECTION

CVE-2024-51466 : IBM COGNOS ANALYTICS UP TO 11.2.4 FP4/12.0.4 EL EXPRESSION LANGUAGE INJECTION

Description IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection

CVE-2024-28767 : IBM SECURITY DIRECTORY INTEGRATOR UP TO 7.2.0.13/10.0.3 REQUEST OS COMMAND INJECTION

CVE-2024-28767 : IBM SECURITY DIRECTORY INTEGRATOR UP TO 7.2.0.13/10.0.3 REQUEST OS COMMAND INJECTION

Description IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute