What is CVE-2023-28445?

CVE-2023-28445 is a critical-severity vulnerability in Denoland Deno, classified under Out-of-bounds Read. CVSS score: 10.0/10. Published 2023-03-23.

How severe is CVE-2023-28445?

Critical severity. CVSS v3 base score is 10.0 out of 10.

Out-of-bounds Read in Denoland Deno

CVE-2023-28445

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is…

Vulnerability class: Buffer Overflow

EPSS: 0.008 (74.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

Denoland Deno — versions = 1.32.0

Weakness classification (CWE)

References

https://github.com/denoland/deno/security/advisories/GHSA-c25x-cm9x-qqgx (x_refsource_CONFIRM)
https://github.com/denoland/deno/pull/18395 (x_refsource_MISC)
https://github.com/denoland/deno/releases/tag/v1.32.1 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-28445?: CVE-2023-28445 is a critical-severity vulnerability in Denoland Deno, classified under Out-of-bounds Read. CVSS score: 10.0/10. Published 2023-03-23.
How severe is CVE-2023-28445?: Critical severity. CVSS v3 base score is 10.0 out of 10.