CVE-2022-25345Use of Uninitialized Resource in Opus

CWE-908Use of Uninitialized Resource5 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 37.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Wikepage OpusDiscordjs OpusMsrc Cbl2 Opus ON CBL Mariner 2.0
Timeline
PublishedJun 17
Latest updateJun 18

Description

All versions of package @discordjs/opus are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

CVEListV5discordjs/opus< unspecified
npmdiscordjs/opus< 0.8.0
Alpinewikepage/opus< 0+5

🔴Vulnerability Details

3
GHSA
Uncontrolled Resource Consumption in @discordjs/opus2022-06-18
OSV
Uncontrolled Resource Consumption in @discordjs/opus2022-06-18
OSV
CVE-2022-25345: All versions of package @discordjs/opus are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-2022-06-17

📋Vendor Advisories

1
Microsoft
Denial of Service (DoS)2022-06-14