CVE-2024-21524 - Vulnerability Details - OpenCVE

All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty string value input. It's possible to return previously allocated memory, for example, by providing negative indexes, leading to an Information Disclosure.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Magiclen	Stringbuilder

Configuration 1 [-]

cpe:2.3:a:magiclen:stringbuilder:*:*:*:*:*:node.js:*:*

No data.

References

Link	Providers
https://gist.github.com/dellalibera/0bb022811224f81d998fa61c3175ee67
https://github.com/magiclen/node-stringbuilder/blob/5c2797d3d6bf8cb6d10fe1e077609cef9a5a7de0/src/node-stringbuilder.c%23L1281
https://security.snyk.io/vuln/SNYK-JS-NODESTRINGBUILDER-6421617

History

Mon, 09 Sep 2024 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Magiclen Magiclen stringbuilder
CPEs		cpe:2.3:a:magiclen:stringbuilder::::::node.js::*
Vendors & Products		Magiclen Magiclen stringbuilder

MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2024-07-10T05:00:05.257Z

Updated: 2024-08-01T22:27:34.821Z

Reserved: 2023-12-22T12:33:20.122Z

Link: CVE-2024-21524

Vulnrichment

Updated: 2024-08-01T22:27:34.821Z

NVD

Status : Modified

Published: 2024-07-10T05:15:11.340

Modified: 2024-11-21T08:54:37.010

Link: CVE-2024-21524

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21524", "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "state": "PUBLISHED", "assignerShortName": "snyk", "dateReserved": "2023-12-22T12:33:20.122Z", "datePublished": "2024-07-10T05:00:05.257Z", "dateUpdated": "2024-08-01T22:27:34.821Z"}, "containers": {"cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P"}}], "credits": [{"value": "Alessio Della Libera", "lang": "en"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "Out-of-bounds Read", "lang": "en"}]}], "providerMetadata": {"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk", "dateUpdated": "2024-07-10T05:00:05.257Z"}, "descriptions": [{"value": "All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty string value input. It's possible to return previously allocated memory, for example, by providing negative indexes, leading to an Information Disclosure.", "lang": "en"}], "references": [{"url": "https://security.snyk.io/vuln/SNYK-JS-NODESTRINGBUILDER-6421617"}, {"url": "https://github.com/magiclen/node-stringbuilder/blob/5c2797d3d6bf8cb6d10fe1e077609cef9a5a7de0/src/node-stringbuilder.c%23L1281"}, {"url": "https://gist.github.com/dellalibera/0bb022811224f81d998fa61c3175ee67"}], "affected": [{"product": "node-stringbuilder", "versions": [{"version": "0", "lessThan": "*", "status": "affected", "versionType": "semver"}], "vendor": "n/a"}]}, "adp": [{"affected": [{"vendor": "magiclen", "product": "node-stringbuilder", "cpes": ["cpe:2.3:a:magiclen:node-stringbuilder:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "*", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-12T16:26:50.938246Z", "id": "CVE-2024-21524", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-12T21:16:19.641Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:34.821Z"}, "title": "CVE Program Container", "references": [{"url": "https://security.snyk.io/vuln/SNYK-JS-NODESTRINGBUILDER-6421617", "tags": ["x_transferred"]}, {"url": "https://github.com/magiclen/node-stringbuilder/blob/5c2797d3d6bf8cb6d10fe1e077609cef9a5a7de0/src/node-stringbuilder.c%23L1281", "tags": ["x_transferred"]}, {"url": "https://gist.github.com/dellalibera/0bb022811224f81d998fa61c3175ee67", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.snyk.io/vuln/SNYK-JS-NODESTRINGBUILDER-6421617", "tags": ["x_transferred"]}, {"url": "https://github.com/magiclen/node-stringbuilder/blob/5c2797d3d6bf8cb6d10fe1e077609cef9a5a7de0/src/node-stringbuilder.c%23L1281", "tags": ["x_transferred"]}, {"url": "https://gist.github.com/dellalibera/0bb022811224f81d998fa61c3175ee67", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:34.821Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21524", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-12T16:26:50.938246Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:magiclen:node-stringbuilder:*:*:*:*:*:*:*:*"], "vendor": "magiclen", "product": "node-stringbuilder", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-12T19:24:12.422Z"}}], "cna": {"credits": [{"lang": "en", "value": "Alessio Della Libera"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "n/a", "product": "node-stringbuilder", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "semver"}]}], "references": [{"url": "https://security.snyk.io/vuln/SNYK-JS-NODESTRINGBUILDER-6421617"}, {"url": "https://github.com/magiclen/node-stringbuilder/blob/5c2797d3d6bf8cb6d10fe1e077609cef9a5a7de0/src/node-stringbuilder.c%23L1281"}, {"url": "https://gist.github.com/dellalibera/0bb022811224f81d998fa61c3175ee67"}], "descriptions": [{"lang": "en", "value": "All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty string value input. It's possible to return previously allocated memory, for example, by providing negative indexes, leading to an Information Disclosure."}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-125", "description": "Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk", "dateUpdated": "2024-07-10T05:00:05.257Z"}}}, "cveMetadata": {"cveId": "CVE-2024-21524", "state": "PUBLISHED", "dateUpdated": "2024-08-01T22:27:34.821Z", "dateReserved": "2023-12-22T12:33:20.122Z", "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "datePublished": "2024-07-10T05:00:05.257Z", "assignerShortName": "snyk"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:magiclen:stringbuilder:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "8DE1612F-F4A0-4ED1-8229-FC7EF4167BE2", "versionEndIncluding": "2.2.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty string value input. It's possible to return previously allocated memory, for example, by providing negative indexes, leading to an Information Disclosure."}, {"lang": "es", "value": "Todas las versiones del paquete node-stringbuilder son vulnerables a lecturas fuera de los l\u00edmites debido a un c\u00e1lculo incorrecto de la longitud de la memoria, al llamar a ToBuffer, ToString o CharAt en un objeto StringBuilder con una entrada de valor de cadena no vac\u00eda. Es posible devolver memoria previamente asignada, por ejemplo, proporcionando \u00edndices negativos, lo que lleva a una divulgaci\u00f3n de informaci\u00f3n."}], "id": "CVE-2024-21524", "lastModified": "2024-11-21T08:54:37.010", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "report@snyk.io", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-10T05:15:11.340", "references": [{"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/dellalibera/0bb022811224f81d998fa61c3175ee67"}, {"source": "report@snyk.io", "tags": ["Broken Link"], "url": "https://github.com/magiclen/node-stringbuilder/blob/5c2797d3d6bf8cb6d10fe1e077609cef9a5a7de0/src/node-stringbuilder.c%23L1281"}, {"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://security.snyk.io/vuln/SNYK-JS-NODESTRINGBUILDER-6421617"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/dellalibera/0bb022811224f81d998fa61c3175ee67"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://github.com/magiclen/node-stringbuilder/blob/5c2797d3d6bf8cb6d10fe1e077609cef9a5a7de0/src/node-stringbuilder.c%23L1281"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://security.snyk.io/vuln/SNYK-JS-NODESTRINGBUILDER-6421617"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "report@snyk.io", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}