CVE-2024-30253

Summary

@solana/web3.js is the Solana JavaScript SDK. Using particular inputs with @solana/web3.js will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with @solana/web3.js, your application/service may crash, resulting in a loss of availability. This vulnerability is fixed in 1.0.1, 1.10.2, 1.11.1, 1.12.1, 1.1.2, 1.13.1, 1.14.1, 1.15.1, 1.16.2, 1.17.1, 1.18.1, 1.19.1, 1.20.3, 1.21.1, 1.22.1, 1.23.1, 1.24.3, 1.25.1, 1.26.1, 1.27.1, 1.28.1, 1.2.8, 1.29.4, 1.30.3, 1.31.1, 1.3.1, 1.32.3, 1.33.1, 1.34.1, 1.35.2, 1.36.1, 1.37.3, 1.38.1, 1.39.2, 1.40.2, 1.41.11, 1.4.1, 1.42.1, 1.43.7, 1.44.4, 1.45.1, 1.46.1, 1.47.5, 1.48.1, 1.49.1, 1.50.2, 1.51.1, 1.5.1, 1.52.1, 1.53.1, 1.54.2, 1.55.1, 1.56.3, 1.57.1, 1.58.1, 1.59.2, 1.60.1, 1.61.2, 1.6.1, 1.62.2, 1.63.2, 1.64.1, 1.65.1, 1.66.6, 1.67.3, 1.68.2, 1.69.1, 1.70.4, 1.71.1, 1.72.1, 1.7.2, 1.73.5, 1.74.1, 1.75.1, 1.76.1, 1.77.4, 1.78.8, 1.79.1, 1.80.1, 1.81.1, 1.8.1, 1.82.1, 1.83.1, 1.84.1, 1.85.1, 1.86.1, 1.87.7, 1.88.1, 1.89.2, 1.90.2, 1.9.2, and 1.91.3.

Affected Software

VendorProductVersion RangeStatus
solana-labssolana-web3.js>= 1.91.0, < 1.91.3affected
solana-labssolana-web3.js>= 1.90, < 1.90.2affected
solana-labssolana-web3.js>= 1.89, < 1.89.2affected
solana-labssolana-web3.js= 1.88.0affected
solana-labssolana-web3.js>=1.87.0, < 1.87.7affected
solana-labssolana-web3.js= 1.86.0affected
solana-labssolana-web3.js= 1.85.0affected
solana-labssolana-web3.js= 1.84.0affected
solana-labssolana-web3.js= 1.83.0affected
solana-labssolana-web3.js= 1.82.0affected
solana-labssolana-web3.js= 1.81.0affected
solana-labssolana-web3.js= 1.80.0affected
solana-labssolana-web3.js= 1.79.0affected
solana-labssolana-web3.js>= 1.78, < 1.78.8affected
solana-labssolana-web3.js>= 1.77, < 1.77.4affected
solana-labssolana-web3.js= 1.76.0affected
solana-labssolana-web3.js= 1.75.0affected
solana-labssolana-web3.js= 1.74.0affected
solana-labssolana-web3.js>= 1.73.0, < 1.73.5affected
solana-labssolana-web3.js= 1.72.0affected
solana-labssolana-web3.js= 1.71.0affected
solana-labssolana-web3.js>= 1.70.0, < 1.70.4affected
solana-labssolana-web3.js= 1.69.0affected
solana-labssolana-web3.js>= 1.68.0, < 1.68.2affected
solana-labssolana-web3.js>= 1.67.0, < 1.67.3affected
solana-labssolana-web3.js>= 1.66.0, < 1.66.6affected
solana-labssolana-web3.js= 1.65.0affected
solana-labssolana-web3.js= 1.64.0affected
solana-labssolana-web3.js>= 1.63.0, < 1.63.2affected
solana-labssolana-web3.js>= 1.62.0, < 1.62.2affected
solana-labssolana-web3.js>= 1.61.0, < 1.61.2affected
solana-labssolana-web3.js= 1.60.0affected
solana-labssolana-web3.js>= 1.59.0, < 1.59.2affected
solana-labssolana-web3.js= 1.58.0affected
solana-labssolana-web3.js= 1.57.0affected
solana-labssolana-web3.js>= 1.56.0, < 1.56.3affected
solana-labssolana-web3.js= 1.55.0affected
solana-labssolana-web3.js>= 1.54.0, < 1.54.2affected
solana-labssolana-web3.js= 1.53.0affected
solana-labssolana-web3.js= 1.52.0affected
solana-labssolana-web3.js= 1.51.0affected
solana-labssolana-web3.js>= 1.50.0, < 1.50.2affected
solana-labssolana-web3.js= 1.49.0affected
solana-labssolana-web3.js= 1.48.0affected
solana-labssolana-web3.js>= 1.47.0, < 1.47.5affected
solana-labssolana-web3.js= 1.46.0affected
solana-labssolana-web3.js= 1.45.0affected
solana-labssolana-web3.js>= 1.44.0, < 1.44.4affected
solana-labssolana-web3.js>= 1.43.0, < 1.43.7affected
solana-labssolana-web3.js= 1.42.0affected
solana-labssolana-web3.js>= 1.41.0, < 1.41.11affected
solana-labssolana-web3.js>= 1.40.0, < 1.40.2affected
solana-labssolana-web3.js>= 1.39.0, < 1.39.2affected
solana-labssolana-web3.js= 1.38.0affected
solana-labssolana-web3.js>= 1.37.0, < 1.37.3affected
solana-labssolana-web3.js= 1.36.0affected
solana-labssolana-web3.js>= 1.35.0, < 1.35.2affected
solana-labssolana-web3.js= 1.34.0affected
solana-labssolana-web3.js= 1.33.0affected
solana-labssolana-web3.js>= 1.32.0, < 1.32.2affected
solana-labssolana-web3.js= 1.31.0affected
solana-labssolana-web3.js>= 1.30.0, < 1.30.3affected
solana-labssolana-web3.js>= 1.29.0, < 1.29.4affected
solana-labssolana-web3.js= 1.28.0affected
solana-labssolana-web3.js= 1.27.0affected
solana-labssolana-web3.js= 1.26.0affected
solana-labssolana-web3.js= 1.25.0affected
solana-labssolana-web3.js>= 1.24.0, < 1.24.3affected
solana-labssolana-web3.js= 1.23.0affected
solana-labssolana-web3.js= 1.22.0affected
solana-labssolana-web3.js= 1.21.0affected
solana-labssolana-web3.js>= 1.20.0, < 1.20.3affected
solana-labssolana-web3.js= 1.19.0affected
solana-labssolana-web3.js= 1.18.0affected
solana-labssolana-web3.js= 1.17.0affected
solana-labssolana-web3.js>= 1.16.0, < 1.16.2affected
solana-labssolana-web3.js= 1.15.0affected
solana-labssolana-web3.js= 1.14.0affected
solana-labssolana-web3.js= 1.13.0affected
solana-labssolana-web3.js= 1.12.0affected
solana-labssolana-web3.js= 1.11.0affected
solana-labssolana-web3.js>= 1.10.0, < 1.10.2affected
solana-labssolana-web3.js>= 1.9.0, < 1.9.2affected
solana-labssolana-web3.js= 1.8.0affected
solana-labssolana-web3.js>= 1.7.0, < 1.7.2affected
solana-labssolana-web3.js= 1.6.0affected
solana-labssolana-web3.js= 1.5.0affected
solana-labssolana-web3.js= 1.4.0affected
solana-labssolana-web3.js= 1.3.0affected
solana-labssolana-web3.js>= 1.2.0, < 1.2.8affected
solana-labssolana-web3.js>= 1.1.0, < 1.1.2affected
solana-labssolana-web3.js< 1.0.1affected

Weaknesses

  • CWE-119: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References