CVE-2024-27934: *const c_void / ExternalPointer unsoundness leading to use-after-free
Use of inherently unsafe *const c_void and ExternalPointer leads to use-after-free access of the underlying structure, resulting in arbitrary code execution.