Cyber Resilience

CVE-2024-21524

High · Public PoC

Published: 10 July 2024

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H)
EPSS Score: 0.0021 (43.7th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-21524 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Magiclen Stringbuilder. Its CVSS base score is 8.2 (High).

Operationally, it ranks at the 43.7th percentile by exploit likelihood (EPSS), which is below the median. It is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty string value input. It's possible to return previously allocated memory, for example, by providing negative indexes, leading to an Information Disclosure.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

magiclen
stringbuilder
≤ 2.2.7

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References