CVE-2024-30253 - Vulnerability Details

Link	Providers
https://github.com/solana-labs/solana-web3.js/commit/77d935221a4805107b20b60ae7c1148725e4e2d0
https://github.com/solana-labs/solana-web3.js/security/advisories/GHSA-8m45-2rjm-j347

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-30253", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-03-26T12:52:00.933Z", "datePublished": "2024-04-17T15:07:27.546Z", "dateUpdated": "2024-08-21T15:05:27.101Z"}, "containers": {"cna": {"title": "Handling untrusted input can result in a crash, leading to loss of availability / denial of service", "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "lang": "en", "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/solana-labs/solana-web3.js/security/advisories/GHSA-8m45-2rjm-j347", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/solana-labs/solana-web3.js/security/advisories/GHSA-8m45-2rjm-j347"}, {"name": "https://github.com/solana-labs/solana-web3.js/commit/77d935221a4805107b20b60ae7c1148725e4e2d0", "tags": ["x_refsource_MISC"], "url": "https://github.com/solana-labs/solana-web3.js/commit/77d935221a4805107b20b60ae7c1148725e4e2d0"}], "affected": [{"vendor": "solana-labs", "product": "solana-web3.js", "versions": [{"version": ">= 1.91.0, < 1.91.3", "status": "affected"}, {"version": ">= 1.90, < 1.90.2", "status": "affected"}, {"version": ">= 1.89, < 1.89.2", "status": "affected"}, {"version": "= 1.88.0", "status": "affected"}, {"version": ">=1.87.0, < 1.87.7", "status": "affected"}, {"version": "= 1.86.0", "status": "affected"}, {"version": "= 1.85.0", "status": "affected"}, {"version": "= 1.84.0", "status": "affected"}, {"version": "= 1.83.0", "status": "affected"}, {"version": "= 1.82.0", "status": "affected"}, {"version": "= 1.81.0", "status": "affected"}, {"version": "= 1.80.0", "status": "affected"}, {"version": "= 1.79.0", "status": "affected"}, {"version": ">= 1.78, < 1.78.8", "status": "affected"}, {"version": ">= 1.77, < 1.77.4", "status": "affected"}, {"version": "= 1.76.0", "status": "affected"}, {"version": "= 1.75.0", "status": "affected"}, {"version": "= 1.74.0", "status": "affected"}, {"version": ">= 1.73.0, < 1.73.5", "status": "affected"}, {"version": "= 1.72.0", "status": "affected"}, {"version": "= 1.71.0", "status": "affected"}, {"version": ">= 1.70.0, < 1.70.4", "status": "affected"}, {"version": "= 1.69.0", "status": "affected"}, {"version": ">= 1.68.0, < 1.68.2", "status": "affected"}, {"version": ">= 1.67.0, < 1.67.3", "status": "affected"}, {"version": ">= 1.66.0, < 1.66.6", "status": "affected"}, {"version": "= 1.65.0", "status": "affected"}, {"version": "= 1.64.0", "status": "affected"}, {"version": ">= 1.63.0, < 1.63.2", "status": "affected"}, {"version": ">= 1.62.0, < 1.62.2", "status": "affected"}, {"version": ">= 1.61.0, < 1.61.2", "status": "affected"}, {"version": "= 1.60.0", "status": "affected"}, {"version": ">= 1.59.0, < 1.59.2", "status": "affected"}, {"version": "= 1.58.0", "status": "affected"}, {"version": "= 1.57.0", "status": "affected"}, {"version": ">= 1.56.0, < 1.56.3", "status": "affected"}, {"version": "= 1.55.0", "status": "affected"}, {"version": ">= 1.54.0, < 1.54.2", "status": "affected"}, {"version": "= 1.53.0", "status": "affected"}, {"version": "= 1.52.0", "status": "affected"}, {"version": "= 1.51.0", "status": "affected"}, {"version": ">= 1.50.0, < 1.50.2", "status": "affected"}, {"version": "= 1.49.0", "status": "affected"}, {"version": "= 1.48.0", "status": "affected"}, {"version": ">= 1.47.0, < 1.47.5", "status": "affected"}, {"version": "= 1.46.0", "status": "affected"}, {"version": "= 1.45.0", "status": "affected"}, {"version": ">= 1.44.0, < 1.44.4", "status": "affected"}, {"version": ">= 1.43.0, < 1.43.7", "status": "affected"}, {"version": "= 1.42.0", "status": "affected"}, {"version": ">= 1.41.0, < 1.41.11", "status": "affected"}, {"version": ">= 1.40.0, < 1.40.2", "status": "affected"}, {"version": ">= 1.39.0, < 1.39.2", "status": "affected"}, {"version": "= 1.38.0", "status": "affected"}, {"version": ">= 1.37.0, < 1.37.3", "status": "affected"}, {"version": "= 1.36.0", "status": "affected"}, {"version": ">= 1.35.0, < 1.35.2", "status": "affected"}, {"version": "= 1.34.0", "status": "affected"}, {"version": "= 1.33.0", "status": "affected"}, {"version": ">= 1.32.0, < 1.32.2", "status": "affected"}, {"version": "= 1.31.0", "status": "affected"}, {"version": ">= 1.30.0, < 1.30.3", "status": "affected"}, {"version": ">= 1.29.0, < 1.29.4", "status": "affected"}, {"version": "= 1.28.0", "status": "affected"}, {"version": "= 1.27.0", "status": "affected"}, {"version": "= 1.26.0", "status": "affected"}, {"version": "= 1.25.0", "status": "affected"}, {"version": ">= 1.24.0, < 1.24.3", "status": "affected"}, {"version": "= 1.23.0", "status": "affected"}, {"version": "= 1.22.0", "status": "affected"}, {"version": "= 1.21.0", "status": "affected"}, {"version": ">= 1.20.0, < 1.20.3", "status": "affected"}, {"version": "= 1.19.0", "status": "affected"}, {"version": "= 1.18.0", "status": "affected"}, {"version": "= 1.17.0", "status": "affected"}, {"version": ">= 1.16.0, < 1.16.2", "status": "affected"}, {"version": "= 1.15.0", "status": "affected"}, {"version": "= 1.14.0", "status": "affected"}, {"version": "= 1.13.0", "status": "affected"}, {"version": "= 1.12.0", "status": "affected"}, {"version": "= 1.11.0", "status": "affected"}, {"version": ">= 1.10.0, < 1.10.2", "status": "affected"}, {"version": " >= 1.9.0, < 1.9.2", "status": "affected"}, {"version": "= 1.8.0", "status": "affected"}, {"version": ">= 1.7.0, < 1.7.2", "status": "affected"}, {"version": "= 1.6.0", "status": "affected"}, {"version": "= 1.5.0", "status": "affected"}, {"version": "= 1.4.0", "status": "affected"}, {"version": "= 1.3.0", "status": "affected"}, {"version": ">= 1.2.0, < 1.2.8", "status": "affected"}, {"version": ">= 1.1.0, < 1.1.2", "status": "affected"}, {"version": "< 1.0.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-04-17T19:48:46.105Z"}, "descriptions": [{"lang": "en", "value": "@solana/web3.js is the Solana JavaScript SDK. Using particular inputs with `@solana/web3.js` will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with `@solana/web3.js`, your application/service may crash, resulting in a loss of availability. This vulnerability is fixed in 1.0.1, 1.10.2, 1.11.1, 1.12.1, 1.1.2, 1.13.1, 1.14.1, 1.15.1, 1.16.2, 1.17.1, 1.18.1, 1.19.1, 1.20.3, 1.21.1, 1.22.1, 1.23.1, 1.24.3, 1.25.1, 1.26.1, 1.27.1, 1.28.1, 1.2.8, 1.29.4, 1.30.3, 1.31.1, 1.3.1, 1.32.3, 1.33.1, 1.34.1, 1.35.2, 1.36.1, 1.37.3, 1.38.1, 1.39.2, 1.40.2, 1.41.11, 1.4.1, 1.42.1, 1.43.7, 1.44.4, 1.45.1, 1.46.1, 1.47.5, 1.48.1, 1.49.1, 1.50.2, 1.51.1, 1.5.1, 1.52.1, 1.53.1, 1.54.2, 1.55.1, 1.56.3, 1.57.1, 1.58.1, 1.59.2, 1.60.1, 1.61.2, 1.6.1, 1.62.2, 1.63.2, 1.64.1, 1.65.1, 1.66.6, 1.67.3, 1.68.2, 1.69.1, 1.70.4, 1.71.1, 1.72.1, 1.7.2, 1.73.5, 1.74.1, 1.75.1, 1.76.1, 1.77.4, 1.78.8, 1.79.1, 1.80.1, 1.81.1, 1.8.1, 1.82.1, 1.83.1, 1.84.1, 1.85.1, 1.86.1, 1.87.7, 1.88.1, 1.89.2, 1.90.2, 1.9.2, and 1.91.3."}], "source": {"advisory": "GHSA-8m45-2rjm-j347", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:32:06.308Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/solana-labs/solana-web3.js/security/advisories/GHSA-8m45-2rjm-j347", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/solana-labs/solana-web3.js/security/advisories/GHSA-8m45-2rjm-j347"}, {"name": "https://github.com/solana-labs/solana-web3.js/commit/77d935221a4805107b20b60ae7c1148725e4e2d0", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/solana-labs/solana-web3.js/commit/77d935221a4805107b20b60ae7c1148725e4e2d0"}]}, {"affected": [{"vendor": "solanalabs", "product": "web3", "cpes": ["cpe:2.3:a:solanalabs:web3:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.91.0", "status": "affected", "lessThan": "1.91.3", "versionType": "custom"}, {"version": "1.90", "status": "affected", "lessThan": "1.90.2", "versionType": "custom"}, {"version": "1.89", "status": "affected", "lessThan": "1.89.2", "versionType": "custom"}, {"version": "1.88.0", "status": "affected"}, {"version": "1.87.0", "status": "affected", "lessThan": "1.87.7", "versionType": "custom"}, {"version": "1.86.0", "status": "affected"}, {"version": "1.85.0", "status": "affected"}, {"version": "1.84.0", "status": "affected"}, {"version": "1.83.0", "status": "affected"}, {"version": "1.82.0", "status": "affected"}, {"version": "1.81.0", "status": "affected"}, {"version": "1.80.0", "status": "affected"}, {"version": "1.79.0", "status": "affected"}, {"version": "1.78", "status": "affected", "lessThan": "1.78.8", "versionType": "custom"}, {"version": "1.77", "status": "affected", "lessThan": "1.77.4", "versionType": "custom"}, {"version": "1.76.0", "status": "affected"}, {"version": "1.75.0", "status": "affected"}, {"version": "1.74.0", "status": "affected"}, {"version": "1.73.0", "status": "affected", "lessThan": "1.73.5", "versionType": "custom"}, {"version": "1.72.0", "status": "affected"}, {"version": "1.71.0", "status": "affected"}, {"version": "1.70.0", "status": "affected", "lessThan": "1.70.4", "versionType": "custom"}, {"version": "1.69.0", "status": "affected"}, {"version": "1.68.0", "status": "affected", "lessThan": "1.68.2", "versionType": "custom"}, {"version": "1.67.0", "status": "affected", "lessThan": "1.67.3", "versionType": "custom"}, {"version": "1.66.0", "status": "affected", "lessThan": "1.66.6", "versionType": "custom"}, {"version": "1.65.0", "status": "affected"}, {"version": "1.64.0", "status": "affected"}, {"version": "1.63.0", "status": "affected", "lessThan": "1.63.2", "versionType": "custom"}, {"version": "1.62.0", "status": "affected", "lessThan": "1.62.2", "versionType": "custom"}, {"version": "1.61.0", "status": "affected", "lessThan": "1.61.2", "versionType": "custom"}, {"version": "1.60.0", "status": "affected"}, {"version": "1.59.0", "status": "affected", "lessThan": "1.59.2", "versionType": "custom"}, {"version": "1.58.0", "status": "affected"}, {"version": "1.57.0", "status": "affected"}, {"version": "1.56.0", "status": "affected", "lessThan": "1.56.3", "versionType": "custom"}, {"version": "1.55.0", "status": "affected"}, {"version": "1.54.0", "status": "affected", "lessThan": "1.54.2", "versionType": "custom"}, {"version": "1.53.0", "status": "affected"}, {"version": "1.52.0", "status": "affected"}, {"version": "1.51.0", "status": "affected"}, {"version": "1.50.0", "status": "affected", "lessThan": "1.50.2", "versionType": "custom"}, {"version": "1.49.0", "status": "affected"}, {"version": "1.48.0", "status": "affected"}, {"version": "1.47.0", "status": "affected", "lessThan": "1.47.5", "versionType": "custom"}, {"version": "1.46.0", "status": "affected"}, {"version": "1.45.0", "status": "affected"}, {"version": "1.44.0", "status": "affected", "lessThan": "1.44.4", "versionType": "custom"}, {"version": "1.43.0", "status": "affected", "lessThan": "1.43.7", "versionType": "custom"}, {"version": "1.42.0", "status": "affected"}, {"version": "1.41.0", "status": "affected", "lessThan": "1.41.11", "versionType": "custom"}, {"version": "1.40.0", "status": "affected", "lessThan": "1.40.2", "versionType": "custom"}, {"version": "1.39.0", "status": "affected", "lessThan": "1.39.2", "versionType": "custom"}, {"version": "1.38.0", "status": "affected"}, {"version": "1.37.0", "status": "affected", "lessThan": "1.37.3", "versionType": "custom"}, {"version": "1.36.0", "status": "affected"}, {"version": "1.35.0", "status": "affected", "lessThan": "1.35.2", "versionType": "custom"}, {"version": "1.34.0", "status": "affected"}, {"version": "1.33.0", "status": "affected"}, {"version": "1.32.0", "status": "affected", "lessThan": "1.32.2", "versionType": "custom"}, {"version": "1.31.0", "status": "affected"}, {"version": "1.30.0", "status": "affected", "lessThan": "1.30.3", "versionType": "custom"}, {"version": "1.29.0", "status": "affected", "lessThan": "1.29.4", "versionType": "custom"}, {"version": "1.28.0", "status": "affected"}, {"version": "1.27.0", "status": "affected"}, {"version": "1.26.0", "status": "affected"}, {"version": "1.25.0", "status": "affected"}, {"version": "1.24.0", "status": "affected", "lessThan": "1.24.3", "versionType": "custom"}, {"version": "1.23.0", "status": "affected"}, {"version": "1.22.0", "status": "affected"}, {"version": "1.21.0", "status": "affected"}, {"version": "1.20.0", "status": "affected", "lessThan": "1.20.3", "versionType": "custom"}, {"version": "1.19.0", "status": "affected"}, {"version": "1.18.0", "status": "affected"}, {"version": "1.17.0", "status": "affected"}, {"version": "1.16.0", "status": "affected", "lessThan": "1.16.2", "versionType": "custom"}, {"version": "1.15.0", "status": "affected"}, {"version": "1.14.0", "status": "affected"}, {"version": "1.13.0", "status": "affected"}, {"version": "1.12.0", "status": "affected"}, {"version": "1.11.0", "status": "affected"}, {"version": "1.10.0", "status": "affected", "lessThan": "1.10.2", "versionType": "custom"}, {"version": "1.9.0", "status": "affected", "lessThan": "1.9.2", "versionType": "custom"}, {"version": "1.8.0", "status": "affected"}, {"version": "1.7.0", "status": "affected", "lessThan": "1.7.2", "versionType": "custom"}, {"version": "1.6.0", "status": "affected"}, {"version": "1.5.0", "status": "affected"}, {"version": "1.4.0", "status": "affected"}, {"version": "1.3.0", "status": "affected"}, {"version": "1.2.0", "status": "affected", "lessThan": "1.2.8", "versionType": "custom"}, {"version": "1.1.0", "status": "affected", "lessThan": "1.1.2", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "1.0.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-21T14:18:35.271487Z", "id": "CVE-2024-30253", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-21T15:05:27.101Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/solana-labs/solana-web3.js/security/advisories/GHSA-8m45-2rjm-j347", "name": "https://github.com/solana-labs/solana-web3.js/security/advisories/GHSA-8m45-2rjm-j347", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/solana-labs/solana-web3.js/commit/77d935221a4805107b20b60ae7c1148725e4e2d0", "name": "https://github.com/solana-labs/solana-web3.js/commit/77d935221a4805107b20b60ae7c1148725e4e2d0", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:32:06.308Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-30253", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-21T14:18:35.271487Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:solanalabs:web3:*:*:*:*:*:*:*:*"], "vendor": "solanalabs", "product": "web3", "versions": [{"status": "affected", "version": "1.91.0", "lessThan": "1.91.3", "versionType": "custom"}, {"status": "affected", "version": "1.90", "lessThan": "1.90.2", "versionType": "custom"}, {"status": "affected", "version": "1.89", "lessThan": "1.89.2", "versionType": "custom"}, {"status": "affected", "version": "1.88.0"}, {"status": "affected", "version": "1.87.0", "lessThan": "1.87.7", "versionType": "custom"}, {"status": "affected", "version": "1.86.0"}, {"status": "affected", "version": "1.85.0"}, {"status": "affected", "version": "1.84.0"}, {"status": "affected", "version": "1.83.0"}, {"status": "affected", "version": "1.82.0"}, {"status": "affected", "version": "1.81.0"}, {"status": "affected", "version": "1.80.0"}, {"status": "affected", "version": "1.79.0"}, {"status": "affected", "version": "1.78", "lessThan": "1.78.8", "versionType": "custom"}, {"status": "affected", "version": "1.77", "lessThan": "1.77.4", "versionType": "custom"}, {"status": "affected", "version": "1.76.0"}, {"status": "affected", "version": "1.75.0"}, {"status": "affected", "version": "1.74.0"}, {"status": "affected", "version": "1.73.0", "lessThan": "1.73.5", "versionType": "custom"}, {"status": "affected", "version": "1.72.0"}, {"status": "affected", "version": "1.71.0"}, {"status": "affected", "version": "1.70.0", "lessThan": "1.70.4", "versionType": "custom"}, {"status": "affected", "version": "1.69.0"}, {"status": "affected", "version": "1.68.0", "lessThan": "1.68.2", "versionType": "custom"}, {"status": "affected", "version": "1.67.0", "lessThan": "1.67.3", "versionType": "custom"}, {"status": "affected", "version": "1.66.0", "lessThan": "1.66.6", "versionType": "custom"}, {"status": "affected", "version": "1.65.0"}, {"status": "affected", "version": "1.64.0"}, {"status": "affected", "version": "1.63.0", "lessThan": "1.63.2", "versionType": "custom"}, {"status": "affected", "version": "1.62.0", "lessThan": "1.62.2", "versionType": "custom"}, {"status": "affected", "version": "1.61.0", "lessThan": "1.61.2", "versionType": "custom"}, {"status": "affected", "version": "1.60.0"}, {"status": "affected", "version": "1.59.0", "lessThan": "1.59.2", "versionType": "custom"}, {"status": "affected", "version": "1.58.0"}, {"status": "affected", "version": "1.57.0"}, {"status": "affected", "version": "1.56.0", "lessThan": "1.56.3", "versionType": "custom"}, {"status": "affected", "version": "1.55.0"}, {"status": "affected", "version": "1.54.0", "lessThan": "1.54.2", "versionType": "custom"}, {"status": "affected", "version": "1.53.0"}, {"status": "affected", "version": "1.52.0"}, {"status": "affected", "version": "1.51.0"}, {"status": "affected", "version": "1.50.0", "lessThan": "1.50.2", "versionType": "custom"}, {"status": "affected", "version": "1.49.0"}, {"status": "affected", "version": "1.48.0"}, {"status": "affected", "version": "1.47.0", "lessThan": "1.47.5", "versionType": "custom"}, {"status": "affected", "version": "1.46.0"}, {"status": "affected", "version": "1.45.0"}, {"status": "affected", "version": "1.44.0", "lessThan": "1.44.4", "versionType": "custom"}, {"status": "affected", "version": "1.43.0", "lessThan": "1.43.7", "versionType": "custom"}, {"status": "affected", "version": "1.42.0"}, {"status": "affected", "version": "1.41.0", "lessThan": "1.41.11", "versionType": "custom"}, {"status": "affected", "version": "1.40.0", "lessThan": "1.40.2", "versionType": "custom"}, {"status": "affected", "version": "1.39.0", "lessThan": "1.39.2", "versionType": "custom"}, {"status": "affected", "version": "1.38.0"}, {"status": "affected", "version": "1.37.0", "lessThan": "1.37.3", "versionType": "custom"}, {"status": "affected", "version": "1.36.0"}, {"status": "affected", "version": "1.35.0", "lessThan": "1.35.2", "versionType": "custom"}, {"status": "affected", "version": "1.34.0"}, {"status": "affected", "version": "1.33.0"}, {"status": "affected", "version": "1.32.0", "lessThan": "1.32.2", "versionType": "custom"}, {"status": "affected", "version": "1.31.0"}, {"status": "affected", "version": "1.30.0", "lessThan": "1.30.3", "versionType": "custom"}, {"status": "affected", "version": "1.29.0", "lessThan": "1.29.4", "versionType": "custom"}, {"status": "affected", "version": "1.28.0"}, {"status": "affected", "version": "1.27.0"}, {"status": "affected", "version": "1.26.0"}, {"status": "affected", "version": "1.25.0"}, {"status": "affected", "version": "1.24.0", "lessThan": "1.24.3", "versionType": "custom"}, {"status": "affected", "version": "1.23.0"}, {"status": "affected", "version": "1.22.0"}, {"status": "affected", "version": "1.21.0"}, {"status": "affected", "version": "1.20.0", "lessThan": "1.20.3", "versionType": "custom"}, {"status": "affected", "version": "1.19.0"}, {"status": "affected", "version": "1.18.0"}, {"status": "affected", "version": "1.17.0"}, {"status": "affected", "version": "1.16.0", "lessThan": "1.16.2", "versionType": "custom"}, {"status": "affected", "version": "1.15.0"}, {"status": "affected", "version": "1.14.0"}, {"status": "affected", "version": "1.13.0"}, {"status": "affected", "version": "1.12.0"}, {"status": "affected", "version": "1.11.0"}, {"status": "affected", "version": "1.10.0", "lessThan": "1.10.2", "versionType": "custom"}, {"status": "affected", "version": "1.9.0", "lessThan": "1.9.2", "versionType": "custom"}, {"status": "affected", "version": "1.8.0"}, {"status": "affected", "version": "1.7.0", "lessThan": "1.7.2", "versionType": "custom"}, {"status": "affected", "version": "1.6.0"}, {"status": "affected", "version": "1.5.0"}, {"status": "affected", "version": "1.4.0"}, {"status": "affected", "version": "1.3.0"}, {"status": "affected", "version": "1.2.0", "lessThan": "1.2.8", "versionType": "custom"}, {"status": "affected", "version": "1.1.0", "lessThan": "1.1.2", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "1.0.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-21T15:05:19.276Z"}}], "cna": {"title": "Handling untrusted input can result in a crash, leading to loss of availability / denial of service", "source": {"advisory": "GHSA-8m45-2rjm-j347", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "solana-labs", "product": "solana-web3.js", "versions": [{"status": "affected", "version": ">= 1.91.0, < 1.91.3"}, {"status": "affected", "version": ">= 1.90, < 1.90.2"}, {"status": "affected", "version": ">= 1.89, < 1.89.2"}, {"status": "affected", "version": "= 1.88.0"}, {"status": "affected", "version": ">=1.87.0, < 1.87.7"}, {"status": "affected", "version": "= 1.86.0"}, {"status": "affected", "version": "= 1.85.0"}, {"status": "affected", "version": "= 1.84.0"}, {"status": "affected", "version": "= 1.83.0"}, {"status": "affected", "version": "= 1.82.0"}, {"status": "affected", "version": "= 1.81.0"}, {"status": "affected", "version": "= 1.80.0"}, {"status": "affected", "version": "= 1.79.0"}, {"status": "affected", "version": ">= 1.78, < 1.78.8"}, {"status": "affected", "version": ">= 1.77, < 1.77.4"}, {"status": "affected", "version": "= 1.76.0"}, {"status": "affected", "version": "= 1.75.0"}, {"status": "affected", "version": "= 1.74.0"}, {"status": "affected", "version": ">= 1.73.0, < 1.73.5"}, {"status": "affected", "version": "= 1.72.0"}, {"status": "affected", "version": "= 1.71.0"}, {"status": "affected", "version": ">= 1.70.0, < 1.70.4"}, {"status": "affected", "version": "= 1.69.0"}, {"status": "affected", "version": ">= 1.68.0, < 1.68.2"}, {"status": "affected", "version": ">= 1.67.0, < 1.67.3"}, {"status": "affected", "version": ">= 1.66.0, < 1.66.6"}, {"status": "affected", "version": "= 1.65.0"}, {"status": "affected", "version": "= 1.64.0"}, {"status": "affected", "version": ">= 1.63.0, < 1.63.2"}, {"status": "affected", "version": ">= 1.62.0, < 1.62.2"}, {"status": "affected", "version": ">= 1.61.0, < 1.61.2"}, {"status": "affected", "version": "= 1.60.0"}, {"status": "affected", "version": ">= 1.59.0, < 1.59.2"}, {"status": "affected", "version": "= 1.58.0"}, {"status": "affected", "version": "= 1.57.0"}, {"status": "affected", "version": ">= 1.56.0, < 1.56.3"}, {"status": "affected", "version": "= 1.55.0"}, {"status": "affected", "version": ">= 1.54.0, < 1.54.2"}, {"status": "affected", "version": "= 1.53.0"}, {"status": "affected", "version": "= 1.52.0"}, {"status": "affected", "version": "= 1.51.0"}, {"status": "affected", "version": ">= 1.50.0, < 1.50.2"}, {"status": "affected", "version": "= 1.49.0"}, {"status": "affected", "version": "= 1.48.0"}, {"status": "affected", "version": ">= 1.47.0, < 1.47.5"}, {"status": "affected", "version": "= 1.46.0"}, {"status": "affected", "version": "= 1.45.0"}, {"status": "affected", "version": ">= 1.44.0, < 1.44.4"}, {"status": "affected", "version": ">= 1.43.0, < 1.43.7"}, {"status": "affected", "version": "= 1.42.0"}, {"status": "affected", "version": ">= 1.41.0, < 1.41.11"}, {"status": "affected", "version": ">= 1.40.0, < 1.40.2"}, {"status": "affected", "version": ">= 1.39.0, < 1.39.2"}, {"status": "affected", "version": "= 1.38.0"}, {"status": "affected", "version": ">= 1.37.0, < 1.37.3"}, {"status": "affected", "version": "= 1.36.0"}, {"status": "affected", "version": ">= 1.35.0, < 1.35.2"}, {"status": "affected", "version": "= 1.34.0"}, {"status": "affected", "version": "= 1.33.0"}, {"status": "affected", "version": ">= 1.32.0, < 1.32.2"}, {"status": "affected", "version": "= 1.31.0"}, {"status": "affected", "version": ">= 1.30.0, < 1.30.3"}, {"status": "affected", "version": ">= 1.29.0, < 1.29.4"}, {"status": "affected", "version": "= 1.28.0"}, {"status": "affected", "version": "= 1.27.0"}, {"status": "affected", "version": "= 1.26.0"}, {"status": "affected", "version": "= 1.25.0"}, {"status": "affected", "version": ">= 1.24.0, < 1.24.3"}, {"status": "affected", "version": "= 1.23.0"}, {"status": "affected", "version": "= 1.22.0"}, {"status": "affected", "version": "= 1.21.0"}, {"status": "affected", "version": ">= 1.20.0, < 1.20.3"}, {"status": "affected", "version": "= 1.19.0"}, {"status": "affected", "version": "= 1.18.0"}, {"status": "affected", "version": "= 1.17.0"}, {"status": "affected", "version": ">= 1.16.0, < 1.16.2"}, {"status": "affected", "version": "= 1.15.0"}, {"status": "affected", "version": "= 1.14.0"}, {"status": "affected", "version": "= 1.13.0"}, {"status": "affected", "version": "= 1.12.0"}, {"status": "affected", "version": "= 1.11.0"}, {"status": "affected", "version": ">= 1.10.0, < 1.10.2"}, {"status": "affected", "version": " >= 1.9.0, < 1.9.2"}, {"status": "affected", "version": "= 1.8.0"}, {"status": "affected", "version": ">= 1.7.0, < 1.7.2"}, {"status": "affected", "version": "= 1.6.0"}, {"status": "affected", "version": "= 1.5.0"}, {"status": "affected", "version": "= 1.4.0"}, {"status": "affected", "version": "= 1.3.0"}, {"status": "affected", "version": ">= 1.2.0, < 1.2.8"}, {"status": "affected", "version": ">= 1.1.0, < 1.1.2"}, {"status": "affected", "version": "< 1.0.1"}]}], "references": [{"url": "https://github.com/solana-labs/solana-web3.js/security/advisories/GHSA-8m45-2rjm-j347", "name": "https://github.com/solana-labs/solana-web3.js/security/advisories/GHSA-8m45-2rjm-j347", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/solana-labs/solana-web3.js/commit/77d935221a4805107b20b60ae7c1148725e4e2d0", "name": "https://github.com/solana-labs/solana-web3.js/commit/77d935221a4805107b20b60ae7c1148725e4e2d0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "@solana/web3.js is the Solana JavaScript SDK. Using particular inputs with `@solana/web3.js` will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with `@solana/web3.js`, your application/service may crash, resulting in a loss of availability. This vulnerability is fixed in 1.0.1, 1.10.2, 1.11.1, 1.12.1, 1.1.2, 1.13.1, 1.14.1, 1.15.1, 1.16.2, 1.17.1, 1.18.1, 1.19.1, 1.20.3, 1.21.1, 1.22.1, 1.23.1, 1.24.3, 1.25.1, 1.26.1, 1.27.1, 1.28.1, 1.2.8, 1.29.4, 1.30.3, 1.31.1, 1.3.1, 1.32.3, 1.33.1, 1.34.1, 1.35.2, 1.36.1, 1.37.3, 1.38.1, 1.39.2, 1.40.2, 1.41.11, 1.4.1, 1.42.1, 1.43.7, 1.44.4, 1.45.1, 1.46.1, 1.47.5, 1.48.1, 1.49.1, 1.50.2, 1.51.1, 1.5.1, 1.52.1, 1.53.1, 1.54.2, 1.55.1, 1.56.3, 1.57.1, 1.58.1, 1.59.2, 1.60.1, 1.61.2, 1.6.1, 1.62.2, 1.63.2, 1.64.1, 1.65.1, 1.66.6, 1.67.3, 1.68.2, 1.69.1, 1.70.4, 1.71.1, 1.72.1, 1.7.2, 1.73.5, 1.74.1, 1.75.1, 1.76.1, 1.77.4, 1.78.8, 1.79.1, 1.80.1, 1.81.1, 1.8.1, 1.82.1, 1.83.1, 1.84.1, 1.85.1, 1.86.1, 1.87.7, 1.88.1, 1.89.2, 1.90.2, 1.9.2, and 1.91.3."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-04-17T19:48:46.105Z"}}}, "cveMetadata": {"cveId": "CVE-2024-30253", "state": "PUBLISHED", "dateUpdated": "2024-08-21T15:05:27.101Z", "dateReserved": "2024-03-26T12:52:00.933Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-04-17T15:07:27.546Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "@solana/web3.js is the Solana JavaScript SDK. Using particular inputs with `@solana/web3.js` will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with `@solana/web3.js`, your application/service may crash, resulting in a loss of availability. This vulnerability is fixed in 1.0.1, 1.10.2, 1.11.1, 1.12.1, 1.1.2, 1.13.1, 1.14.1, 1.15.1, 1.16.2, 1.17.1, 1.18.1, 1.19.1, 1.20.3, 1.21.1, 1.22.1, 1.23.1, 1.24.3, 1.25.1, 1.26.1, 1.27.1, 1.28.1, 1.2.8, 1.29.4, 1.30.3, 1.31.1, 1.3.1, 1.32.3, 1.33.1, 1.34.1, 1.35.2, 1.36.1, 1.37.3, 1.38.1, 1.39.2, 1.40.2, 1.41.11, 1.4.1, 1.42.1, 1.43.7, 1.44.4, 1.45.1, 1.46.1, 1.47.5, 1.48.1, 1.49.1, 1.50.2, 1.51.1, 1.5.1, 1.52.1, 1.53.1, 1.54.2, 1.55.1, 1.56.3, 1.57.1, 1.58.1, 1.59.2, 1.60.1, 1.61.2, 1.6.1, 1.62.2, 1.63.2, 1.64.1, 1.65.1, 1.66.6, 1.67.3, 1.68.2, 1.69.1, 1.70.4, 1.71.1, 1.72.1, 1.7.2, 1.73.5, 1.74.1, 1.75.1, 1.76.1, 1.77.4, 1.78.8, 1.79.1, 1.80.1, 1.81.1, 1.8.1, 1.82.1, 1.83.1, 1.84.1, 1.85.1, 1.86.1, 1.87.7, 1.88.1, 1.89.2, 1.90.2, 1.9.2, and 1.91.3."}, {"lang": "es", "value": "@solana/web3.js es el SDK de JavaScript de Solana. El uso de entradas particulares con `@solana/web3.js` resultar\u00e1 en un agotamiento de la memoria (OOM). Si tiene un servidor, cliente, producto m\u00f3vil o de escritorio que acepta entradas que no son de confianza para usar con `@solana/web3.js`, su aplicaci\u00f3n/servicio puede fallar, lo que resulta en una p\u00e9rdida de disponibilidad. Esta vulnerabilidad se solucion\u00f3 en 1.0.1, 1.10.2, 1.11.1, 1.12.1, 1.1.2, 1.13.1, 1.14.1, 1.15.1, 1.16.2, 1.17.1, 1.18.1, 1.19. .1, 1.20.3, 1.21.1, 1.22.1, 1.23.1, 1.24.3, 1.25.1, 1.26.1, 1.27.1, 1.28.1, 1.2.8, 1.29.4, 1.30.3 , 1.31.1, 1.3.1, 1.32.3, 1.33.1, 1.34.1, 1.35.2, 1.36.1, 1.37.3, 1.38.1, 1.39.2, 1.40.2, 1.41.11, 1.4 .1, 1.42.1, 1.43.7, 1.44.4, 1.45.1, 1.46.1, 1.47.5, 1.48.1, 1.49.1, 1.50.2, 1.51.1, 1.5.1, 1.52.1 , 1.53.1, 1.54.2, 1.55.1, 1.56.3, 1.57.1, 1.58.1, 1.59.2, 1.60.1, 1.61.2, 1.6.1, 1.62.2, 1.63.2, 1.64 .1, 1.65.1, 1.66.6, 1.67.3, 1.68.2, 1.69.1, 1.70.4, 1.71.1, 1.72.1, 1.7.2, 1.73.5, 1.74.1, 1.75.1 , 1.76.1, 1.77.4, 1.78.8, 1.79.1, 1.80.1, 1.81.1, 1.8.1, 1.82.1, 1.83.1, 1.84.1, 1.85.1, 1.86.1, 1.87 .7, 1.88.1, 1.89.2, 1.90.2, 1.9.2 y 1.91.3."}], "id": "CVE-2024-30253", "lastModified": "2024-11-21T09:11:32.927", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-04-17T15:15:07.253", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/solana-labs/solana-web3.js/commit/77d935221a4805107b20b60ae7c1148725e4e2d0"}, {"source": "security-advisories@github.com", "url": "https://github.com/solana-labs/solana-web3.js/security/advisories/GHSA-8m45-2rjm-j347"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/solana-labs/solana-web3.js/commit/77d935221a4805107b20b60ae7c1148725e4e2d0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/solana-labs/solana-web3.js/security/advisories/GHSA-8m45-2rjm-j347"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object