The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to memory exhaustion. In `lib/parse.js`, if a malicious user sends "imbalanced braces" as input, the parser enters a loop that keeps allocating heap memory without freeing it at any point. Eventually the JavaScript heap limit is reached and the program crashes.
History
Fri, 06 Sep 2024 14:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Redhat; Redhat service Mesh |
| CPEs | | cpe:/a:redhat:service_mesh:2.6::el8 cpe:/a:redhat:service_mesh:2.6::el9 |
| Vendors & Products | | Redhat; Redhat service Mesh |
MITRE
Status: PUBLISHED
Assigner: Checkmarx
Published: 2024-05-13T10:06:38.152Z
Updated: 2024-08-01T20:26:57.297Z
Reserved: 2024-04-23T13:31:17.738Z
Link: CVE-2024-4068
Vulnrichment
Updated: 2024-08-01T20:26:57.297Z
NVD
Status: Awaiting Analysis
Published: 2024-05-14T15:42:48.660
Modified: 2024-07-03T02:07:03.943
Link: CVE-2024-4068
Redhat