Excessive Platform Resource Consumption within a Loop

CVE-2024-4068

High

7.5/10

Summary

The NPM package "braces", versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In "lib/parse.js," if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-1050 - Excessive Platform Resource Consumption within a Loop

The software has a loop body or loop condition that contains a control element that directly or indirectly consumes platform resources, e.g. messaging, sessions, locks, or file descriptors.

References

Advisory Timeline

Published Jan 24, 2024

Excessive Platform Resource Consumption within a Loop

CVE-2024-4068

Summary

CWE-1050 - Excessive Platform Resource Consumption within a Loop

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS