CVE-2024-21526
HIGHspeaker - Denial of Service via Channels Property Assertion Failure
Title source: llmDescription
All versions of the package speaker are vulnerable to Denial of Service (DoS) when providing unexpected input types to the channels property of the Speaker object makes it possible to reach an assert macro. Exploiting this vulnerability can lead to a process crash.
References (2)
Core 2
Core References
Various Sources
https://github.com/TooTallNate/node-speaker/blob/316afff5a393fce438cf7296011fcfc6e12aa9dc/src/binding.c%23L48
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-SPEAKER-6370676
Scores
CVSS v3
7.5
EPSS
0.0009
EPSS Percentile
25.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-241
CWE-400
Status
published
Products (2)
n/a/speaker
npm/speaker
0npm
Published
Jul 10, 2024
Tracked Since
Feb 18, 2026