Impact
Electron 42.3.1 through 42.3.3 contains a flaw in the Buffer implementation that miscalculates byte length, leading to heap buffer under‑ or overflow when Node.js Buffer APIs are invoked. The result is either an application crash or an unexpected truncation or allocation of memory, which in turn causes memory corruption.
Affected Systems
The Electron framework, versions 42.3.1 to 42.3.3, is vulnerable. Applications built with these releases should verify the Electron version and any dependent packages that target the affected range.
Risk and Exploitability
The CVSS score of 9.3 indicates severe risk. The EPSS score of less than 1 % suggests a very low but non‑zero likelihood of exploitation, and the vulnerability is not listed in KEV. However, risk remains substantial because Electron runs locally on user machines. The vulnerability was fixed in 42.3.3. Based on the description, the likely attack vector is local, arising from code that creates or manipulates Node.js Buffers within the Electron application.
OpenCVE Enrichment
Github GHSA