deno is vulnerable to Out-of-bounds Read
41
Medium Risk
Affected versions of this package are vulnerable to an out-of-bounds (OOB) read caused by improper handling of Buffer objects in the HTTP/2 client implementation. When the encoding is set to buffer, the code uses chunk.buffer without accounting for the byte offset and length of the original TypedArray/Buffer view, so the entire underlying ArrayBuffer is transmitted. An attacker could exploit this by crafting a Buffer slice from a larger memory region containing sensitive data: because the entire underlying ArrayBuffer is passed to op_http2_client_send_data(), adjacent memory contents beyond the intended chunk boundaries are exposed, leading to information disclosure or crashes.
You are affected if you are using a version that falls within the vulnerable range.
deno is vulnerable to Out-of-bounds Read in versions 1.44.0 - 2.4.0.
Upgrade the deno library to a patch version.
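The view-versus-backing-store mismatch described above, as an added example that is not Deno's code. It runs under Node.js; the function names and the sample bytes are constructed for illustration, and no HTTP/2 connection is involved.

```javascript
// Constructed sample: one 32-byte ArrayBuffer that holds unrelated data
// (bytes 0..15) next to the 5 bytes the application means to send (16..20).
function makeChunk() {
  const backing = new ArrayBuffer(32);
  const all = new Uint8Array(backing);
  all.set(new TextEncoder().encode("SECRET-TOKEN-123"), 0);
  all.set(new TextEncoder().encode("hello"), 16);
  // Buffer view over bytes 16..20 only; chunk.buffer is still all 32 bytes.
  return Buffer.from(backing, 16, 5);
}

// Pattern from the advisory: using chunk.buffer directly drops the view's
// byteOffset and byteLength, so the whole backing ArrayBuffer is handed on.
function payloadUnsafe(chunk) {
  return new Uint8Array(chunk.buffer);
}

// Bounded form: a view restricted to the chunk's own window (no copy).
function payloadBounded(chunk) {
  return new Uint8Array(chunk.buffer, chunk.byteOffset, chunk.byteLength);
}

// Copying form: a fresh ArrayBuffer of exactly chunk.byteLength bytes, for
// callers that must hand over an ArrayBuffer rather than a view.
function payloadCopied(chunk) {
  return new Uint8Array(chunk);
}

// Review helper: how many bytes outside the view would chunk.buffer expose?
function bytesOutsideView(chunk) {
  return chunk.buffer.byteLength - chunk.byteLength;
}

const chunk = makeChunk();
const text = (u8) => new TextDecoder().decode(u8);
console.log("unsafe :", payloadUnsafe(chunk).length, "bytes,",
  JSON.stringify(text(payloadUnsafe(chunk))));
console.log("bounded:", payloadBounded(chunk).length, "bytes,",
  JSON.stringify(text(payloadBounded(chunk))));
console.log("bytes outside view:", bytesOutsideView(chunk));
```

When auditing application or library code for the same pattern, any use of `.buffer` on a Buffer or TypedArray that is not paired with `byteOffset` and `byteLength` deserves a second look.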