Vulnerability detail
Enriched intelligence for a single CVE
Critical
CVE-2023-28445
PUBLISHED
Deno improperly handles resizable ArrayBuffer
- Vendor: denoland
- Product: deno
- Published: Mar 23, 2023
- EPSS: —
Description
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild, as the only version affected is Deno 1.32.0. Deno Deploy users are not affected. The problem has been resolved by disabling resizable ArrayBuffers temporarily in Deno 1.32.1. Deno 1.32.2 will re-enable resizable ArrayBuffers with a proper fix. As a workaround, run with `--v8-flags=--no-harmony-rab-gsab` to disable resizable ArrayBuffers.
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitation status
Exploited in the wild
Recorded 2023-03-23 23:23:27 UTC
SSVC decision points
- Exploitation: none
- Automatable: No
- Technical impact: total
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CVE | Mar 23, 2023 |
Timeline
- CVE ID Reserved
- CVE Published to Public
- Added to KEVIntel