High severityNVD Advisory· Published Jun 17, 2022· Updated Sep 17, 2024
Denial of Service (DoS)
CVE-2022-25345
Description
All versions of package @discordjs/opus are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@discordjs/opusnpm | < 0.8.0 | 0.8.0 |
Affected products
2- @discordjs/opus/@discordjs/opusdescription
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-rvgf-69j7-xh78ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-25345ghsaADVISORY
- github.com/discordjs/opus/blob/3ca4341ffdd81cf83cec57045e59e228e6017590/src/node-opus.ccghsaWEB
- github.com/discordjs/opus/blob/3ca4341ffdd81cf83cec57045e59e228e6017590/src/node-opus.cc%23L28mitrex_refsource_MISC
- github.com/discordjs/opus/commit/406249f3fca484a2af97a34ceb989019efa09bc7ghsaWEB
- github.com/discordjs/opus/releases/tag/v0.8.0ghsaWEB
- snyk.io/vuln/SNYK-JS-DISCORDJSOPUS-2403100ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.