CVE-2026-42570: Untrusted Sparse Array Allocation DoS
Provally Curated | Public repository | High | Medium confidence | Verified | Apache-2.0 | JS
greprules fetch cve-2026-42570-untrusted-sparse-array-allocation-dos --engine opengrep
Description
Eagerly allocating arrays with untrusted lengths derived from input structures can cause a Denial of Service via memory exhaustion (e.g. V8 contiguous backing store allocation). Avoid using `new Array(untrusted_len)` and instead initialize an empty array, assign properties sparsely or force dictionary-elements mode, and set `.length` accordingly.
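The flagged pattern beside the replacement the description recommends, as an added example that is not part of the rule or of any affected project. The message shape (`length` plus `[index, value]` entries), the function names and the sample input are hypothetical and constructed for illustration.

```javascript
// Added example; message shape and function names are hypothetical.
// Constructed input: { length: <declared length>, entries: [[index, value], ...] }

const MAX_ARRAY_LENGTH = 2 ** 32 - 1; // largest length a JS array can have

// Flagged pattern: the declared length drives an eager allocation before any
// entry has been read, so a tiny message can request a huge backing store.
function decodeEager(msg) {
  const out = new Array(msg.length); // untrusted length
  for (const [index, value] of msg.entries) out[index] = value;
  return out;
}

// Recommended pattern: start from an empty array, assign only the entries
// that are actually present, then set .length to the declared value.
function decodeSparse(msg) {
  const len = msg.length;
  if (!Number.isInteger(len) || len < 0 || len > MAX_ARRAY_LENGTH) {
    throw new RangeError("declared length is not a valid array length");
  }
  if (!Array.isArray(msg.entries)) throw new TypeError("entries must be an array");
  const out = [];
  for (const entry of msg.entries) {
    if (!Array.isArray(entry) || entry.length !== 2) throw new TypeError("bad entry");
    const [index, value] = entry;
    // Reject indices the declared length does not cover, so .length below
    // is the single source of truth for the array's size.
    if (!Number.isInteger(index) || index < 0 || index >= len) {
      throw new RangeError("entry index outside declared length");
    }
    out[index] = value;
  }
  out.length = len;
  return out;
}

// Constructed message: three entries, declared length at the 32-bit limit.
const sample = {
  length: MAX_ARRAY_LENGTH,
  entries: [[0, "a"], [7, "b"], [4000000000, "c"]],
};
```
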