Vulnerabilities > CVE-2022-25345 - Use of Uninitialized Resource vulnerability in Discordjs Opus
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
All versions of package @discordjs/opus are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
References
- https://github.com/discordjs/opus/blob/3ca4341ffdd81cf83cec57045e59e228e6017590/src/node-opus.cc%23L28
- https://github.com/discordjs/opus/blob/3ca4341ffdd81cf83cec57045e59e228e6017590/src/node-opus.cc%23L28
- https://snyk.io/vuln/SNYK-JS-DISCORDJSOPUS-2403100
- https://snyk.io/vuln/SNYK-JS-DISCORDJSOPUS-2403100