SB2024030582 - Use-after-free in Deno




Published: March 5, 2024 Updated: April 23, 2026

Security Bulletin ID: SB2024030582
CSH Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Use-after-free (CVE-ID: CVE-2024-27934)

The vulnerability allows a remote user to execute arbitrary code.

The vulnerability exists due to a use-after-free error in the handling of *const c_void and ExternalPointer values when attacker-controlled code is executed inside the Deno runtime. A remote user can trigger reuse of a freed underlying structure to execute arbitrary code.

The issue is exploitable regardless of granted permissions, and exploitation of the ExternalPointer variant may require derandomizing the PIE base address.


Remediation

Install the update from the vendor's website.