Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow
Summary
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 42.3.1 until 42.3.3, Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow. Most apps will crash and some may perform incorrect buffer allocations in the Node.js Buffer API resulting in unexpected truncation or allocation. This vulnerability is fixed in 42.3.3. A flaw was found in Electron, a framework for building cross-platform desktop applications. The Buffer implementation performs incorrect byte length calculations, resulting in a heap buffer underflow or overflow. An attacker could exploit this flaw to cause an application crash or trigger incorrect buffer allocations in the Node.js Buffer API, leading to unexpected data truncation or memory corruption, potentially allowing for arbitrary code execution. Red Hat severity: Important — CVSS 7.1 (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H). Weakness: CWE-131. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
Mitigation checklist
- Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Official advisory · high-confidence parse· fetched 4 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.