Use-after-free in Deno - CVE-2024-27934

 

Published: March 5, 2024 / Updated: April 23, 2026


Vulnerability identifier: #VU127050
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-27934
CWE-ID: CWE-416
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Deno
Software vendor:
Deno Land

Description

The vulnerability allows a remote user to execute arbitrary code.

The vulnerability exists due to a use-after-free error in the handling of *const c_void and ExternalPointer values when attacker-controlled code is executed inside the Deno runtime. A remote user can trigger reuse of a freed underlying structure to execute arbitrary code.

The issue is exploitable regardless of granted permissions, and exploitation of the ExternalPointer variant may require derandomizing the PIE base address.


Remediation

Install the security update from the vendor's website.

External links