CVE-2024-30253 – @solana/web3.js

Package

Manager: npm
Name: @solana/web3.js
Vulnerable Version: >=1.91.0 <1.91.3 || >=1.90 <1.90.2 || >=1.89 <1.89.2 || =1.88.0 || >=1.88.0 <1.88.1 || >=1.87.0 <1.87.7 || =1.86.0 || >=1.86.0 <1.86.1 || =1.85.0 || >=1.85.0 <1.85.1 || =1.84.0 || >=1.84.0 <1.84.1 || =1.83.0 || >=1.83.0 <1.83.1 || =1.82.0 || >=1.82.0 <1.82.1 || =1.81.0 || >=1.81.0 <1.81.1 || =1.80.0 || >=1.80.0 <1.80.1 || =1.79.0 || >=1.79.0 <1.79.1 || >=1.78 <1.78.8 || >=1.77 <1.77.4 || =1.76.0 || >=1.76.0 <1.76.1 || =1.75.0 || >=1.75.0 <1.75.1 || =1.74.0 || >=1.74.0 <1.74.1 || >=1.73.0 <1.73.5 || =1.72.0 || >=1.72.0 <1.72.1 || =1.71.0 || >=1.71.0 <1.71.1 || >=1.70.0 <1.70.4 || =1.69.0 || >=1.69.0 <1.69.1 || >=1.68.0 <1.68.2 || >=1.67.0 <1.67.3 || >=1.66.0 <1.66.6 || =1.65.0 || >=1.65.0 <1.65.1 || =1.64.0 || >=1.64.0 <1.64.1 || >=1.63.0 <1.63.2 || >=1.62.0 <1.62.2 || >=1.61.0 <1.61.2 || =1.60.0 || >=1.60.0 <1.60.1 || >=1.59.0 <1.59.2 || =1.58.0 || >=1.58.0 <1.58.1 || =1.57.0 || >=1.57.0 <1.57.1 || >=1.56.0 <1.56.3 || =1.55.0 || >=1.55.0 <1.55.1 || >=1.54.0 <1.54.2 || =1.53.0 || >=1.53.0 <1.53.1 || =1.52.0 || >=1.52.0 <1.52.1 || =1.51.0 || >=1.51.0 <1.51.1 || >=1.50.0 <1.50.2 || =1.49.0 || >=1.49.0 <1.49.1 || =1.48.0 || >=1.48.0 <1.48.1 || >=1.47.0 <1.47.5 || =1.46.0 || >=1.46.0 <1.46.1 || =1.45.0 || >=1.45.0 <1.45.1 || >=1.44.0 <1.44.4 || >=1.43.0 <1.43.7 || =1.42.0 || >=1.42.0 <1.42.1 || >=1.41.0 <1.41.11 || >=1.40.0 <1.40.2 || >=1.39.0 <1.39.2 || =1.38.0 || >=1.38.0 <1.38.1 || >=1.37.0 <1.37.3 || =1.36.0 || >=1.36.0 <1.36.1 || >=1.35.0 <1.35.2 || =1.34.0 || >=1.34.0 <1.34.1 || =1.33.0 || >=1.33.0 <1.33.1 || >=1.32.0 <1.32.2 || =1.31.0 || >=1.31.0 <1.31.1 || >=1.30.0 <1.30.3 || >=1.29.0 <1.29.4 || =1.28.0 || >=1.28.0 <1.28.1 || =1.27.0 || >=1.27.0 <1.27.1 || =1.26.0 || >=1.26.0 <1.26.1 || =1.25.0 || >=1.25.0 <1.25.1 || >=1.24.0 <1.24.3 || =1.23.0 || >=1.23.0 <1.23.1 || =1.22.0 || >=1.22.0 <1.22.1 || =1.21.0 || >=1.21.0 <1.21.1 || >=1.20.0 <1.20.3 || =1.19.0 || >=1.19.0 <1.19.1 || =1.18.0 || >=1.18.0 <1.18.1 || =1.17.0 || >=1.17.0 <1.17.1 || >=1.16.0 <1.16.2 || =1.15.0 || >=1.15.0 <1.15.1 || =1.14.0 || >=1.14.0 <1.14.1 || =1.13.0 || >=1.13.0 <1.13.1 || =1.12.0 || >=1.12.0 <1.12.1 || =1.11.0 || >=1.11.0 <1.11.1 || >=1.10.0 <1.10.2 || >=1.9.0 <1.9.2 || =1.8.0 || >=1.8.0 <1.8.1 || >=1.7.0 <1.7.2 || =1.6.0 || >=1.6.0 <1.6.1 || =1.5.0 || >=1.5.0 <1.5.1 || =1.4.0 || >=1.4.0 <1.4.1 || =1.3.0 || >=1.3.0 <1.3.1 || >=1.2.0 <1.2.8 || >=1.1.0 <1.1.2 || >=0 <1.0.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00142 pctl0.35024

Details

Handling untrusted input can result in a crash, leading to loss of availability / denial of service Using particular inputs with `@solana/web3.js` will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with `@solana/web3.js`, your application/service may crash, resulting in a loss of availability.

Metadata

Created: 2024-04-17T18:21:18Z
Modified: 2024-04-17T21:29:10Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-8m45-2rjm-j347/GHSA-8m45-2rjm-j347.json
CWE IDs: ["CWE-119"]
Alternative ID: GHSA-8m45-2rjm-j347
Finding: F316
Auto approve: 1