ELECTRON_CUSTOM_DIR - Specifies the custom directory to download from.Mirror options can also be specified via the following environment variables: If an API exposed to the main world via contextBridge has a return value that throws a user-generated exception while being sent over the bridge, such as a dynamic getter property on an object that throws an error when being computed.Import ) // Will download from Using environment variables for mirror options This would normally result in an Error: object could not be cloned exception being thrown. If an API exposed to the main world via contextBridge can return an object or array that contains a JS object that cannot be serialized, such as a canvas rendering context. This issue is exploitable under either of two conditions: : Research and addition of additional affected librariesĪffected versions of this package are vulnerable to Improper Access Control via nested unserializable return value when using contextIsolation and contextBridge are affected.Įxploiting this vulnerability allows code running in the main world context in the renderer to reach into the isolated Electron context and perform privileged actions. : Advisory details updated, including CVSS, references This vulnerability was also published on libwebp CVE-2023-5129 This is only exploitable if the color_cache_bits value defines which size to use. The OOB write to the undersized array happens in ReplicateValue. When BuildHuffmanTable() attempts to fill the second-level tables it may write data out-of-bounds. libwebp allows codes that are up to 15-bit ( MAX_ALLOWED_CODE_LENGTH). The kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. The color_cache_bits value defines which size to use. An attacker can craft a special WebP lossless file that triggers the ReadHuffmanCodes() function to allocate the HuffmanCode buffer with a size that comes from an array of precomputed sizes: kTableSize. Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.Īffected versions of this package are vulnerable to Heap-based Buffer Overflow when the ReadHuffmanCodes() function is used.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |