CVE-2022-25345

CVE-2022-25345

Name

CVE-2022-25345

Description

All versions of package @discordjs/opus are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
CONFIRM	https://snyk.io/vuln/SNYK-JS-DISCORDJSOPUS-2403100
CONFIRM	https://github.com/discordjs/opus/blob/3ca4341ffdd81cf83cec57045e59e228e6017590/src/node-opus.cc%23L28

Type

URI

CONFIRM

https://snyk.io/vuln/SNYK-JS-DISCORDJSOPUS-2403100

CONFIRM

https://github.com/discordjs/opus/blob/3ca4341ffdd81cf83cec57045e59e228e6017590/src/node-opus.cc%23L28

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:discordjs:opus::::::node.js::*`	opus	== None	== None

CPE URI

Source package

Min version

Max version

cpe:2.3:a:discordjs:opus:*:*:*:*:*:node.js:*:*

opus

== None

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
opus	3.17-main	1.3.1-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
opus	3.16-main	1.3.1-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
opus	3.15-main	1.3.1-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
opus	3.14-main	1.3.1-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
opus	edge-main	1.4-r0	Francesco Colista <fcolista@alpinelinux.org>	fixed
opus	3.18-main	1.4-r0	Francesco Colista <fcolista@alpinelinux.org>	fixed

Source package

Branch

Version

Maintainer

Status

opus

3.17-main

1.3.1-r1

Francesco Colista <fcolista@alpinelinux.org>

possibly vulnerable

opus

3.16-main