Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS13eHIzLTJoZ3YtcW04Zs4AA9wU
node-twain vulnerable to Improper Check or Handling of Exceptional Conditions
All versions of the package node-twain are vulnerable to Improper Check or Handling of Exceptional Conditions because the length of the source data is not checked. Creating a new twain.TwainSDK with a productName, productFamily, manufacturer, or version.info property of length >= 34 chars leads to a buffer overflow vulnerability.
Permalink: https://github.com/advisories/GHSA-wxr3-2hgv-qm8f
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13eHIzLTJoZ3YtcW04Zs4AA9wU
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 5 months ago
Updated: 4 months ago
CVSS Score: 8.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Identifiers: GHSA-wxr3-2hgv-qm8f, CVE-2024-21525
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-21525
- https://gist.github.com/dellalibera/55b87634a6c360e5be22a715f0566c99
- https://security.snyk.io/vuln/SNYK-JS-NODETWAIN-6421153
- https://github.com/advisories/GHSA-wxr3-2hgv-qm8f
Affected Packages
npm:node-twain
Dependent packages: 1
Dependent repositories: 0
Downloads: 50 last month
Affected Version Ranges: <= 0.0.16
No known fixed version
All affected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.0.7, 0.0.8, 0.0.9, 0.0.10, 0.0.11, 0.0.12, 0.0.13, 0.0.14, 0.0.15, 0.0.16
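With no fixed version listed, a caller can reject oversized values for the four properties named in the description before they reach the twain.TwainSDK constructor. The following is an added example, not code from node-twain or the advisory; the function names, the nested `version.info` layout, and the choice to measure the limit in UTF-8 bytes are assumptions.

```javascript
// Added example: pre-construction guard for the fields named in the advisory.
// GUARDED_FIELDS, MAX_FIELD_BYTES and both function names are hypothetical.
const GUARDED_FIELDS = ['productName', 'productFamily', 'manufacturer', 'version.info'];

// The advisory flags lengths >= 34, so 33 is the largest length it does not flag.
// Assumption: count UTF-8 bytes, not JS characters, because a native buffer is
// filled in bytes and multi-byte characters make a short-looking string long.
const MAX_FIELD_BYTES = 33;

// Resolve a dotted path such as "version.info" without throwing on missing parents.
function getPath(obj, path) {
  return path.split('.').reduce((o, k) => (o == null ? undefined : o[k]), obj);
}

// Return one entry per guarded field that is oversized or not a string.
function findOversizedFields(config) {
  const problems = [];
  for (const field of GUARDED_FIELDS) {
    const value = getPath(config, field);
    if (value === undefined) continue; // absent field: no string to measure
    if (typeof value !== 'string') {
      problems.push({ field, reason: 'not a string' });
      continue;
    }
    const bytes = Buffer.byteLength(value, 'utf8');
    if (bytes > MAX_FIELD_BYTES) {
      problems.push({ field, reason: `${bytes} bytes, limit ${MAX_FIELD_BYTES}` });
    }
  }
  return problems;
}

// Throw instead of handing an unsafe config to the native binding.
function assertSafeTwainConfig(config) {
  const problems = findOversizedFields(config);
  if (problems.length > 0) {
    const detail = problems.map((p) => `${p.field}: ${p.reason}`).join('; ');
    throw new RangeError(`refusing to construct TwainSDK: ${detail}`);
  }
  return config;
}

// Constructed sample input: manufacturer is 36 characters long.
const sample = { productName: 'Scan Station', manufacturer: 'M'.repeat(36), version: { info: 'v1.0.0' } };
console.log(findOversizedFields(sample));
```

Call `assertSafeTwainConfig(config)` on any configuration built from user or network input and pass only its return value to the constructor.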