CVE-2024-21525

CVSS 3.1 Score 8.3 of 10 (high)

Details

Published Jul 10, 2024
Updated: Jul 11, 2024
CWE ID 703

Summary

CVE-2024-21525 is a newly identified cybersecurity vulnerability affecting all versions of the node-twain package. The issue arises from a buffer overflow vulnerability caused by an improper check or handling of exceptional conditions. This occurs when creating a new instance of twain.TwainSDK with productName or productFamily, manufacturer, or version.info properties of length 34 characters or more. The length of the source data is not adequately checked, leading to an overflow condition. This vulnerability could potentially be exploited by attackers to execute arbitrary code or cause a denial-of-service condition, posing a serious threat to applications using node-twain. It is essential for users to promptly update their package to a secure version to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share