CVE-2024-21526 - All versions of the package speaker are vulnerable to Denial of Service (DoS) when providing unexpec

CVE-2024-21526

Summary

All versions of the package speaker are vulnerable to Denial of Service (DoS) when providing unexpected input types to the channels property of the Speaker object makes it possible to reach an assert macro. Exploiting this vulnerability can lead to a process crash.

References

https://security.snyk.io/vuln/SNYK-JS-SPEAKER-6370676
https://github.com/TooTallNate/node-speaker/blob/316afff5a393fce438cf7296011fcfc6e12aa9dc/src/binding.c%23L48

Vulnerable Configurations

CVSS

Base:	None
Impact:
Exploitability:

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

11-07-2024 - 15:05

Published

10-07-2024 - 05:15

Last modified

11-07-2024 - 15:05