CVE-2024-29900
CVSS V2 None
CVSS V3 None
Description
Electron Packager bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready for distribution. A random segment of ~1-10kb of Node.js heap memory allocated either side of a known buffer will be leaked into the final executable. This memory _could_ contain sensitive information such as environment variables, secrets files, etc. This issue is patched in 18.3.1.
Overview
- CVE ID
- CVE-2024-29900
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-03-29T15:15:45.766Z
- Last Modified Date
- 2024-03-29T15:15:45.766Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/electron/packager/security/advisories/GHSA-34h3-8mw4-qw57 | x_refsource_CONFIRM |
| https://github.com/electron/packager/commit/d421d4bd3ced889a4143c5c3ab6d95e3be249eee | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-29900 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29900 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-26 02:43:02 | Added to TrackCVE |