Sign In

CVE-2024-55565

ADVISORY - github

Summary

When nanoid is called with a fractional value, there were a number of undesirable effects:

  1. in browser and non-secure, the code infinite loops on while (size--)
  2. in node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled
  3. if the first call in node is a fractional argument, the initial buffer allocation fails with an error

Version 3.3.8 and 5.0.9 are fixed.

EPSS Score: 0.00068 (0.211)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

ADVISORY - github

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2024-55565
EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-835

CVSS SCORE

4.3medium

GitHub

CREATED

UPDATED

ADVISORY IDGHSA-mwcw-c2x4-8c55
EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-835

CVSS SCORE

4.3medium

Debian

CREATED

UPDATED

ADVISORY IDCVE-2024-55565
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2024-55565
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

GitLab

CREATED

UPDATED

ADVISORY ID

CVE-2024-55565

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1035CWE-835CWE-937

CVSS SCORE

4.3medium

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2024-55565
EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-835

CVSS SCORE

6.5medium

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-5x6p-j8x5-fgcf

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-7vvh-vj96-x4xv

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-8c38-5wj2-q369

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-8vh7-wwpf-5f4g

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-cr3m-qfmj-rhf8

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-jxmm-jh7j-qrx8

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-q99g-63m8-c4r8

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY