CVE-2024-21526
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
Summary
All versions of the package speaker are vulnerable to Denial of Service (DoS) when providing unexpected input types to the channels property of the Speaker object makes it possible to reach an assert macro. Exploiting this vulnerability can lead to a process crash.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | speaker | 0 < * | affected |
Weaknesses
- CWE-400: Denial of Service (DoS)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
- https://security.snyk.io/vuln/SNYK-JS-SPEAKER-6370676
- https://github.com/TooTallNate/node-speaker/blob/316afff5a393fce438cf7296011fcfc6e12aa9dc/src/binding.c%23L48
References
- https://security.snyk.io/vuln/SNYK-JS-SPEAKER-6370676
- https://github.com/TooTallNate/node-speaker/blob/316afff5a393fce438cf7296011fcfc6e12aa9dc/src/binding.c%23L48
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.