CVE-2024-30253: 
JavaScript vulnerability analysis and mitigation

@solana/web3.js, the Solana JavaScript SDK, was found to contain a vulnerability (CVE-2024-30253) that could result in memory exhaustion (OOM). The vulnerability was disclosed on April 17, 2024, affecting multiple versions of the SDK. When particular inputs are processed with affected versions of @solana/web3.js, applications or services accepting untrusted input may experience crashes, leading to availability issues (GitHub Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges or user interaction, and while the scope is unchanged, it can significantly impact system availability. The vulnerability is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) (NVD).

The primary impact of this vulnerability is on system availability. When exploited, it can cause memory exhaustion leading to application or service crashes. This is particularly concerning for server, client, mobile, or desktop products that accept untrusted input for use with @solana/web3.js, as it could result in a denial of service condition (GitHub Advisory).

The vulnerability has been fixed in multiple versions including 1.91.3 and numerous other patch releases. Users are advised to upgrade to the patched versions. The fix involves implementing proper bounds checking for array operations, as evidenced by the security patch (GitHub Commit).