Electron: Buffer performs incorrect byte length calculations resulting in heap...

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 42.3.1 until 42.3.3, Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow. Most apps will crash and some may perform incorrect buffer allocations in the Node.js Buffer API resulting in unexpected truncation or allocation. This vulnerability is fixed in 42.3.3.

AI Analysis

Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow

Basic Information

ID CVE-2026-54257

Source GitHub_M

Published Jun 23, 2026 at 17:08

Modified Jun 23, 2026 at 17:47

Affected Product

Vendor electron

Product electron

Version >= 42.3.1, < 42.3.3

Affected Versions electron electron >= 42.3.1, < 42.3.3

CWE Classification

CWE-120

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Electron

Product Electron Framework

Version 42.3.1-42.3.3

References

github.com /electron/electron/security/advisories/GHSA-q6m5-f73j-m9mc

{
    "lastseen": "",
    "description": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 42.3.1 until 42.3.3, Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow. Most apps will crash and some may perform incorrect buffer allocations in the Node.js Buffer API resulting in unexpected truncation or allocation. This vulnerability is fixed in 42.3.3.",
    "published": "2026-06-23T17:08:31.786Z",
    "modified": "2026-06-23T17:47:47.594Z",
    "type": "cve",
    "title": "Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow",
    "source": "GitHub_M",
    "references": "https://github.com/electron/electron/security/advisories/GHSA-q6m5-f73j-m9mc",
    "id": "CVE-2026-54257",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120"
    ],
    "cvelist": null,
    "sourceData": "electron electron >= 42.3.1, < 42.3.3",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "electron",
    "version": ">= 42.3.1, < 42.3.3",
    "vendor": "electron",
    "ai_description": "Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow",
    "ai_severity": "Critical",
    "ai_vendor": "Electron",
    "ai_product": "Electron Framework",
    "ai_version": "42.3.1-42.3.3",
    "ai_score": 9.3
}

Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow_CVE-2026-54257