CVE-2022-25345 - All versions of package @discordjs/opus are vulnerable to Denial of Service (DoS) when trying to enc

CVE-2022-25345

Summary

All versions of package @discordjs/opus are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash.

References

https://snyk.io/vuln/SNYK-JS-DISCORDJSOPUS-2403100
https://github.com/discordjs/opus/blob/3ca4341ffdd81cf83cec57045e59e228e6017590/src/node-opus.cc%23L28

Vulnerable Configurations

cpe:2.3:a:discordjs:opus:*:*:*:*:*:node.js:*:*
cpe:2.3:a:discordjs:opus:*:*:*:*:*:node.js:*:*

CVSS

Base:	5.0 (as of 28-06-2022 - 12:57)
Impact:
Exploitability:

CWE

CWE-908

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

Last major update

28-06-2022 - 12:57

Published

17-06-2022 - 20:15

Last modified

28-06-2022 - 12:57