CVE-2024-21525

CVSS 3.1 Score 8.3 of 10 (high)

Details

Published Jul 10, 2024

Updated: Jul 11, 2024

CWE ID 703

Summary

CVE-2024-21525 is a newly identified cybersecurity vulnerability affecting all versions of the node-twain package. The issue arises from a buffer overflow vulnerability caused by an improper check or handling of exceptional conditions. This occurs when creating a new instance of twain.TwainSDK with productName or productFamily, manufacturer, or version.info properties of length 34 characters or more. The length of the source data is not adequately checked, leading to an overflow condition. This vulnerability could potentially be exploited by attackers to execute arbitrary code or cause a denial-of-service condition, posing a serious threat to applications using node-twain. It is essential for users to promptly update their package to a secure version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-21525 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future

Gain complete coverage of your cyber, third party, and physical attack surface
Proactively mitigate threats before they turn into costly attacks
Make fast, effective, data-driven decisions

Book your demo

Sign in

Back to Vulnerability Database