Home > Vulnerability Database > CVE-2023-28445

Mend.io Vulnerability Database

CVE-2023-28445

Good to know:

Date: March 23, 2023

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild, as the only version affected is Deno 1.32.0. Deno Deploy users are not affected. The problem has been resolved by disabling resizable ArrayBuffers temporarily in Deno 1.32.1. Deno 1.32.2 will re-enable resizable ArrayBuffers with a proper fix. As a workaround, run with `--v8-flags=--no-harmony-rab-gsab` to disable resizable ArrayBuffers.

Language: RUST

Severity Score

9.8

Related Resources (5)

Url: https://github.com/denoland/deno/security/advisories/GHSA-c25x-cm9x-qqgx

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-28445

Url: https://github.com/denoland/deno/pull/18395

Url: https://github.com/denoland/deno/releases/tag/v1.32.1

Url: https://www.mend.io/vulnerability-database/CVE-2023-28445

Severity Score

9.8

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Out-of-bounds Read

CWE-125

Top Fix

Upgrade Version

Upgrade to version deno_runtime - 0.103.0;serde_v8 - 0.88.0;Deno - 1.32.1

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-28445

Good to know:

Date: March 23, 2023

Language: RUST

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?