How severe is CVE-2024-27934?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2024-27934?

This is classified as CWE-416, which is a common weakness in software security.

CVE-2024-27934 - HIGH Severity | CVSS 8.8

Vulnerability Description

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.36.2 and prior to version 1.40.3, use of inherently unsafe `*const c_void` and `ExternalPointer` leads to use-after-free access of the underlying structure, resulting in arbitrary code execution. Use of inherently unsafe `*const c_void` and `ExternalPointer` leads to use-after-free access of the underlying structure, which is exploitable by an attacker controlling the code executed inside a Deno runtime to obtain arbitrary code execution on the host machine regardless of permissions. This bug is known to be exploitable for both `*const c_void` and `ExternalPointer` implementations. Version 1.40.3 fixes this issue.

Related Vulnerabilities

CVE-2008-0077

HIGH

CVSS:8.8(High)

Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrat...

CWE-4162008

CVE-2009-3658

HIGH

CVSS:8.8(High)

Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL) 9.5.0.1 allows remote attackers to trigger memory corruption or possibly execute arbitrary code via...

CWE-4162009

CVE-2010-0050

HIGH

CVSS:8.8(High)

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with imprope...

CWE-4162010

CVE-2010-0249

HIGH

CVSS:8.8(High)

Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 20...

CWE-4162010

CVE-2010-0378

HIGH

CVSS:8.8(High)

Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is cur...

CWE-4162010

CVE-2010-1208

HIGH

CVSS:8.8(High)

Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote a...

CWE-4162010