react-native-audio-api is vulnerable to Use-After-Free
29
Low Risk
The native audio recorder callback on Android and iOS forwards the operating-system-owned capture buffer directly to a worker thread through an asynchronous offloader. The operating system reclaims that buffer once the synchronous callback returns, so the offloader thread reads and processes memory that has already been freed. This use-after-free can crash the application or expose stale heap contents whenever audio recording is active. The fix copies the callback audio data into an owned buffer before the async handoff and frees that copy after the worker thread finishes processing it.
You are affected if you are using a version that falls within the vulnerable range and use the audio recorder feature.
react-native-audio-api is vulnerable to Use-After-Free in versions 0.12.0 - 0.12.1.
Upgrade the react-native-audio-api library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

I consent to receiving marketing communications based on Aikido’s Privacy Policy.
SOC 2Compliant
ISO 27001Compliant