ByteOS Network

NVD Vulnerability Details :

CVE-2024-21526

Deferred

Source-report@snyk.io

Published At-10 Jul, 2024 | 05:15

Updated At-15 Apr, 2026 | 00:35

All versions of the package speaker are vulnerable to Denial of Service (DoS) when providing unexpected input types to the channels property of the Speaker object makes it possible to reach an assert macro. Exploiting this vulnerability can lead to a process crash.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Secondary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses

CWE ID	Type	Source
CWE-400	Secondary	report@snyk.io
CWE-241	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-400

Type: Secondary

Source: report@snyk.io

CWE ID: CWE-241

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://github.com/TooTallNate/node-speaker/blob/316afff5a393fce438cf7296011fcfc6e12aa9dc/src/binding.c%23L48	report@snyk.io	N/A
https://security.snyk.io/vuln/SNYK-JS-SPEAKER-6370676	report@snyk.io	N/A
https://github.com/TooTallNate/node-speaker/blob/316afff5a393fce438cf7296011fcfc6e12aa9dc/src/binding.c%23L48	af854a3a-2127-422b-91ae-364da2661108	N/A
https://security.snyk.io/vuln/SNYK-JS-SPEAKER-6370676	af854a3a-2127-422b-91ae-364da2661108	N/A