Medium severity5.6NVD Advisory· Published Dec 9, 2024· Updated Jun 17, 2026
CVE-2024-11991
CVE-2024-11991
Description
Motoko's incremental garbage collector is impacted by an uninitialized memory access bug, caused by incorrect use of write barriers in a few locations. This vulnerability could potentially allow unauthorized read or write access to a Canister's memory. However, exploiting this bug requires the Canister to enable the incremental garbage collector or enhanced orthogonal persistence, which are non-default features in Motoko.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Internet Computer/Motokov5Range: 0.9.0
Patches
Vulnerability mechanics
References
2- github.com/dfinity/motoko/pull/4677nvdIssue TrackingPatch
- github.com/dfinity/motoko/security/advisories/GHSA-9rhg-3qf8-hrv3nvdVendor Advisory
News mentions
0No linked articles in our index yet.