Improper Validation of Specified Quantity in Input in atom-shell

CVE-2024-9369

atom-shell
chromium
chromiumembeddedframework.runtime
electron
electron-nightly
electron-prebuilt
org.webjars.npm:electron
org.webjars.npm:electron-prebuilt

High

9.6/10

Summary

Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out-of-bounds memory write via a crafted HTML page.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-1284 - Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

References

Release Note
Advisory
Issue

Advisory Timeline

Published Nov 27, 2024

Improper Validation of Specified Quantity in Input in atom-shell

CVE-2024-9369

Summary

CWE-1284 - Improper Validation of Specified Quantity in Input

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS