mikaela
mikaela copied to clipboard
Published
20 hours ago •
kira0x1
kira0x1
opusv0.3.2: 1 vulnerabilities (highest severity is: 7.5)
Vulnerable Library - opusv0.3.2
Native opus bindings for node
Library home page: https://github.com/discordjs/opus.git
Vulnerable Source Files (1)
/MikaelaBot/node_modules/@discordjs/opus/src/node-opus.cc
Vulnerabilities
| CVE | Severity |  CVSS |
Dependency | Type | Fixed in (opusv0.3.2 version) | Remediation Available |
|---|---|---|---|---|---|---|
| CVE-2022-25345 |  High |
7.5 | opusv0.3.2 | Direct | N/A | ❌ |
Details
CVE-2022-25345
Vulnerable Library - opusv0.3.2
Native opus bindings for node
Library home page: https://github.com/discordjs/opus.git
Found in base branch: main
Vulnerable Source Files (1)
/MikaelaBot/node_modules/@discordjs/opus/src/node-opus.cc
Vulnerability Details
All versions of package @discordjs/opus are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash.
Publish Date: 2022-06-17
URL: CVE-2022-25345
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Step up your Open Source Security Game with Mend here
![mend-bolt-for-github[bot] avatar](https://avatars.githubusercontent.com/in/16809?v=4 "Published by a pub.dev verified publisher"){kind=small}