CVE-2024-43357

CVSS 3.1 Score 8.6 of 10 (high)

Details

Published Aug 15, 2024
Updated: Aug 19, 2024
CWE ID 476
CWE ID 843
CWE ID 248

Summary

CVE-2024-43357 is a vulnerability affecting the ECMAScript (JavaScript) specification related to async generators. Introduced by a May 2021 refactor, this issue allows for the misinterpretation of IteratorResult objects, which can become then-able and trigger arbitrary behavior. This can result in violations of internal invariants and potential security concerns such as type confusion and pointer dereference. Although the issue has been addressed in the latest ECMAScript specification, it is crucial for JavaScript engine implementors to update their implementations accordingly to ensure compliance with the `AsyncGenerator` section. (References: [1], [2], [3], [4], [5], [6])
