CVE-2024-30253
- Source
- https://cve.org/CVERecord?id=CVE-2024-30253
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-30253.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-30253
- Aliases
- Published
- 2024-04-17T15:07:27.546Z
- Modified
- 2026-05-18T05:57:48.153221250Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Handling untrusted input can result in a crash, leading to loss of availability / denial of service
- Details
-
@solana/web3.js is the Solana JavaScript SDK. Using particular inputs with
@solana/web3.jswill result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with@solana/web3.js, your application/service may crash, resulting in a loss of availability. This vulnerability is fixed in 1.0.1, 1.10.2, 1.11.1, 1.12.1, 1.1.2, 1.13.1, 1.14.1, 1.15.1, 1.16.2, 1.17.1, 1.18.1, 1.19.1, 1.20.3, 1.21.1, 1.22.1, 1.23.1, 1.24.3, 1.25.1, 1.26.1, 1.27.1, 1.28.1, 1.2.8, 1.29.4, 1.30.3, 1.31.1, 1.3.1, 1.32.3, 1.33.1, 1.34.1, 1.35.2, 1.36.1, 1.37.3, 1.38.1, 1.39.2, 1.40.2, 1.41.11, 1.4.1, 1.42.1, 1.43.7, 1.44.4, 1.45.1, 1.46.1, 1.47.5, 1.48.1, 1.49.1, 1.50.2, 1.51.1, 1.5.1, 1.52.1, 1.53.1, 1.54.2, 1.55.1, 1.56.3, 1.57.1, 1.58.1, 1.59.2, 1.60.1, 1.61.2, 1.6.1, 1.62.2, 1.63.2, 1.64.1, 1.65.1, 1.66.6, 1.67.3, 1.68.2, 1.69.1, 1.70.4, 1.71.1, 1.72.1, 1.7.2, 1.73.5, 1.74.1, 1.75.1, 1.76.1, 1.77.4, 1.78.8, 1.79.1, 1.80.1, 1.81.1, 1.8.1, 1.82.1, 1.83.1, 1.84.1, 1.85.1, 1.86.1, 1.87.7, 1.88.1, 1.89.2, 1.90.2, 1.9.2, and 1.91.3. - Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/30xxx/CVE-2024-30253.json", "unresolved_ranges": [ { "extracted_events": [ { "introduced": "1.90" }, { "fixed": "1.90.2" }, { "introduced": "1.89" }, { "fixed": "1.89.2" }, { "introduced": "1.87.0" }, { "fixed": "1.87.7" }, { "introduced": "1.78" }, { "fixed": "1.78.8" }, { "introduced": "1.77" }, { "fixed": "1.77.4" }, { "introduced": "1.73.0" }, { "fixed": "1.73.5" }, { "introduced": "1.70.0" }, { "fixed": "1.70.4" }, { "introduced": "1.68.0" }, { "fixed": "1.68.2" }, { "introduced": "1.67.0" }, { "fixed": "1.67.3" }, { "introduced": "1.66.0" }, { "fixed": "1.66.6" }, { "introduced": "1.63.0" }, { "fixed": "1.63.2" }, { "introduced": "1.62.0" }, { "fixed": "1.62.2" }, { "introduced": "1.61.0" }, { "fixed": "1.61.2" }, { "introduced": "1.59.0" }, { "fixed": "1.59.2" }, { "introduced": "1.56.0" }, { "fixed": "1.56.3" }, { "introduced": "1.54.0" }, { "fixed": "1.54.2" }, { "introduced": "1.50.0" }, { "fixed": "1.50.2" }, { "introduced": "1.47.0" }, { "fixed": "1.47.5" }, { "introduced": "1.44.0" }, { "fixed": "1.44.4" }, { "introduced": "1.43.0" }, { "fixed": "1.43.7" }, { "introduced": "1.41.0" }, { "fixed": "1.41.11" }, { "introduced": "1.40.0" }, { "fixed": "1.40.2" }, { "introduced": "1.39.0" }, { "fixed": "1.39.2" }, { "introduced": "1.37.0" }, { "fixed": "1.37.3" }, { "introduced": "1.35.0" }, { "fixed": "1.35.2" }, { "introduced": "1.30.0" }, { "fixed": "1.30.3" }, { "introduced": "1.29.0" }, { "fixed": "1.29.4" }, { "introduced": "1.24.0" }, { "fixed": "1.24.3" }, { "introduced": "1.20.0" }, { "fixed": "1.20.3" }, { "introduced": "1.16.0" }, { "fixed": "1.16.2" }, { "introduced": "1.10.0" }, { "fixed": "1.10.2" }, { "introduced": "1.9.0" }, { "fixed": "1.9.2" }, { "introduced": "1.7.0" }, { "fixed": "1.7.2" }, { "introduced": "1.2.0" }, { "fixed": "1.2.8" }, { "introduced": "1.1.0" }, { "fixed": "1.1.2" }, { "fixed": "1.0.1" } ], "source": "AFFECTED_FIELD" } ], "cwe_ids": [ "CWE-119" ], "cna_assigner": "GitHub_M" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/30xxx/CVE-2024-30253.json
- https://github.com/solana-labs/solana-web3.js/security/advisories/GHSA-8m45-2rjm-j347
- https://nvd.nist.gov/vuln/detail/CVE-2024-30253
- https://github.com/solana-labs/solana-web3.js/commit/77d935221a4805107b20b60ae7c1148725e4e2d0