{"id":"CVE-2024-30253","summary":"Handling untrusted input can result in a crash, leading to loss of availability / denial of service","details":"@solana/web3.js is the Solana JavaScript SDK. Using particular inputs with `@solana/web3.js` will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with `@solana/web3.js`, your application/service may crash, resulting in a loss of availability. This vulnerability is fixed in 1.0.1, 1.10.2, 1.11.1, 1.12.1, 1.1.2, 1.13.1, 1.14.1, 1.15.1, 1.16.2, 1.17.1, 1.18.1, 1.19.1, 1.20.3, 1.21.1, 1.22.1, 1.23.1, 1.24.3, 1.25.1, 1.26.1, 1.27.1, 1.28.1, 1.2.8, 1.29.4, 1.30.3, 1.31.1, 1.3.1, 1.32.3, 1.33.1, 1.34.1, 1.35.2, 1.36.1, 1.37.3, 1.38.1, 1.39.2, 1.40.2, 1.41.11, 1.4.1, 1.42.1, 1.43.7, 1.44.4, 1.45.1, 1.46.1, 1.47.5, 1.48.1, 1.49.1, 1.50.2, 1.51.1, 1.5.1, 1.52.1, 1.53.1, 1.54.2, 1.55.1, 1.56.3, 1.57.1, 1.58.1, 1.59.2, 1.60.1, 1.61.2, 1.6.1, 1.62.2, 1.63.2, 1.64.1, 1.65.1, 1.66.6, 1.67.3, 1.68.2, 1.69.1, 1.70.4, 1.71.1, 1.72.1, 1.7.2, 1.73.5, 1.74.1, 1.75.1, 1.76.1, 1.77.4, 1.78.8, 1.79.1, 1.80.1, 1.81.1, 1.8.1, 1.82.1, 1.83.1, 1.84.1, 1.85.1, 1.86.1, 1.87.7, 1.88.1, 1.89.2, 1.90.2, 1.9.2, and 1.91.3.","aliases":["GHSA-8m45-2rjm-j347"],"modified":"2026-05-18T05:57:48.153221250Z","published":"2024-04-17T15:07:27.546Z","database_specific":{"cna_assigner":"GitHub_M","cwe_ids":["CWE-119"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/30xxx/CVE-2024-30253.json","unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"introduced":"1.90"},{"fixed":"1.90.2"},{"introduced":"1.89"},{"fixed":"1.89.2"},{"introduced":"1.87.0"},{"fixed":"1.87.7"},{"introduced":"1.78"},{"fixed":"1.78.8"},{"introduced":"1.77"},{"fixed":"1.77.4"},{"introduced":"1.73.0"},{"fixed":"1.73.5"},{"introduced":"1.70.0"},{"fixed":"1.70.4"},{"introduced":"1.68.0"},{"fixed":"1.68.2"},{"introduced":"1.67.0"},{"fixed":"1.67.3"},{"introduced":"1.66.0"},{"fixed":"1.66.6"},{"introduced":"1.63.0"},{"fixed":"1.63.2"},{"introduced":"1.62.0"},{"fixed":"1.62.2"},{"introduced":"1.61.0"},{"fixed":"1.61.2"},{"introduced":"1.59.0"},{"fixed":"1.59.2"},{"introduced":"1.56.0"},{"fixed":"1.56.3"},{"introduced":"1.54.0"},{"fixed":"1.54.2"},{"introduced":"1.50.0"},{"fixed":"1.50.2"},{"introduced":"1.47.0"},{"fixed":"1.47.5"},{"introduced":"1.44.0"},{"fixed":"1.44.4"},{"introduced":"1.43.0"},{"fixed":"1.43.7"},{"introduced":"1.41.0"},{"fixed":"1.41.11"},{"introduced":"1.40.0"},{"fixed":"1.40.2"},{"introduced":"1.39.0"},{"fixed":"1.39.2"},{"introduced":"1.37.0"},{"fixed":"1.37.3"},{"introduced":"1.35.0"},{"fixed":"1.35.2"},{"introduced":"1.30.0"},{"fixed":"1.30.3"},{"introduced":"1.29.0"},{"fixed":"1.29.4"},{"introduced":"1.24.0"},{"fixed":"1.24.3"},{"introduced":"1.20.0"},{"fixed":"1.20.3"},{"introduced":"1.16.0"},{"fixed":"1.16.2"},{"introduced":"1.10.0"},{"fixed":"1.10.2"},{"introduced":"1.9.0"},{"fixed":"1.9.2"},{"introduced":"1.7.0"},{"fixed":"1.7.2"},{"introduced":"1.2.0"},{"fixed":"1.2.8"},{"introduced":"1.1.0"},{"fixed":"1.1.2"},{"fixed":"1.0.1"}]}]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/30xxx/CVE-2024-30253.json"},{"type":"ADVISORY","url":"https://github.com/solana-labs/solana-web3.js/security/advisories/GHSA-8m45-2rjm-j347"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-30253"},{"type":"FIX","url":"https://github.com/solana-labs/solana-web3.js/commit/77d935221a4805107b20b60ae7c1148725e4e2d0"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/solana-foundation/solana-web3.js","events":[{"introduced":"51948b96482b97e32f2040d178dc22e03081cb93"},{"fixed":"21e29f044f53246b157ff7a0034981cf7d67824f"}]}],"versions":["v1.32.1","v1.32.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-30253.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}