Common Weakness Enumeration

CWE-1288

Allowed

Improper Validation of Consistency within Input

Abstraction: Base · Status: Incomplete

The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent.

44 vulnerabilities reference this CWE, most recent first.

CVE-2024-8305 (GCVE-0-2024-8305)

Vulnerability from cvelistv5 – Published: 2024-10-21 14:10 – Updated: 2024-10-21 15:50
VLAI
Title
MongoDB Server secondaries may crash due to forced index constraints
Summary
prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 versions prior to 7.0.13 and MongoDB Server v7.3 versions prior to 7.3.4
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1288 - Improper Validation of Consistency within Input
Assigner
References
Impacted products
Vendor Product Version
MongoDB Inc MongoDB Server Affected: 6.0 , < 6.0.17 (custom)
Affected: 7.0 , < 7.0.13 (custom)
Affected: 7.3 , < 7.3.4 (custom)
    cpe:2.3:a:mongodb:mongodb:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.3.3:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-10-21 14:08
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8305",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T15:49:58.398090Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T15:50:06.751Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:mongodb:mongodb:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.16:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.3.3:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "MongoDB Server",
          "vendor": "MongoDB Inc",
          "versions": [
            {
              "lessThan": "6.0.17",
              "status": "affected",
              "version": "6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.0.13",
              "status": "affected",
              "version": "7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.3.4",
              "status": "affected",
              "version": "7.3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-10-21T14:08:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eprepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 versions prior to 7.0.13 and MongoDB Server v7.3 versions prior to 7.3.4\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 versions prior to 7.0.13 and MongoDB Server v7.3 versions prior to 7.3.4"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1288",
              "description": "CWE-1288: Improper Validation of Consistency within Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-21T14:10:31.079Z",
        "orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
        "shortName": "mongodb"
      },
      "references": [
        {
          "url": "https://jira.mongodb.org/browse/SERVER-92382"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "MongoDB Server secondaries may crash due to forced index constraints",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
    "assignerShortName": "mongodb",
    "cveId": "CVE-2024-8305",
    "datePublished": "2024-10-21T14:10:31.079Z",
    "dateReserved": "2024-08-29T08:20:09.655Z",
    "dateUpdated": "2024-10-21T15:50:06.751Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-5953 (GCVE-0-2024-5953)

Vulnerability from cvelistv5 – Published: 2024-06-18 10:01 – Updated: 2026-02-25 20:31
VLAI
Title
389-ds-base: malformed userpassword hash may cause denial of service
Summary
A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1288 - Improper Validation of Consistency within Input
Assigner
References
URL Tags
https://access.redhat.com/errata/RHSA-2024:4633 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:4997 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:5192 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:5690 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6153 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6568 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6569 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6576 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:7458 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:1632 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-5953 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2292104 issue-trackingx_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2025…
Impacted products
Vendor Product Version
Red Hat Red Hat Directory Server 11.5 E4S for RHEL 8 Unaffected: 8060020250210084424.0ca98e7e , < * (rpm)
    cpe:/a:redhat:directory_server_e4s:11.5::el8
Create a notification for this product.
Red Hat Red Hat Directory Server 11.7 for RHEL 8 Unaffected: 8080020240909040333.f969626e , < * (rpm)
    cpe:/a:redhat:directory_server:11.7::el8
Create a notification for this product.
Red Hat Red Hat Directory Server 11.9 for RHEL 8 Unaffected: 8100020240902112955.37ed7c03 , < * (rpm)
    cpe:/a:redhat:directory_server:11.9::el8
Create a notification for this product.
Red Hat Red Hat Directory Server 12.2 EUS for RHEL 9 Unaffected: 9020020240916150035.1674d574 , < * (rpm)
    cpe:/a:redhat:directory_server_eus:12.2::el9
Create a notification for this product.
Red Hat Red Hat Directory Server 12.4 for RHEL 9 Unaffected: 9040020240723122852.1674d574 , < * (rpm)
    cpe:/a:redhat:directory_server:12.4::el9
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:1.3.11.1-6.el7_9 , < * (rpm)
    cpe:/o:redhat:rhel_els:7
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020240910065753.25e700aa , < * (rpm)
    cpe:/a:redhat:enterprise_linux:8::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 8080020240807050952.6dbb3803 , < * (rpm)
    cpe:/a:redhat:rhel_eus:8.8::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.4.5-9.el9_4 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:9::crb
    cpe:/a:redhat:enterprise_linux:9::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.2.4-9.el9_2 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.2::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
Create a notification for this product.
Date Public
2024-06-13 00:00
Credits
This issue was discovered by Têko Mihinto (Red Hat).
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5953",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-18T13:32:13.391886Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-18T13:33:04.416Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:56:21.647Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:4633",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:4633"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2024-5953"
          },
          {
            "name": "RHBZ#2292104",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292104"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/389ds/389-ds-base",
          "defaultStatus": "affected",
          "packageName": "389-ds-base"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:directory_server_e4s:11.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "redhat-ds:11",
          "product": "Red Hat Directory Server 11.5 E4S for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020250210084424.0ca98e7e",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:directory_server:11.7::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "redhat-ds:11",
          "product": "Red Hat Directory Server 11.7 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8080020240909040333.f969626e",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:directory_server:11.9::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "redhat-ds:11",
          "product": "Red Hat Directory Server 11.9 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8100020240902112955.37ed7c03",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:directory_server_eus:12.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "redhat-ds:12",
          "product": "Red Hat Directory Server 12.2 EUS for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "9020020240916150035.1674d574",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:directory_server:12.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "redhat-ds:12",
          "product": "Red Hat Directory Server 12.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "9040020240723122852.1674d574",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_els:7"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.3.11.1-6.el7_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds:1.4",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8100020240910065753.25e700aa",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds:1.4",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8080020240807050952.6dbb3803",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.4.5-9.el9_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.4-9.el9_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "unaffected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by T\u00eako Mihinto (Red Hat)."
        }
      ],
      "datePublic": "2024-06-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1288",
              "description": "Improper Validation of Consistency within Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-25T20:31:51.523Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:4633",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:4633"
        },
        {
          "name": "RHSA-2024:4997",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:4997"
        },
        {
          "name": "RHSA-2024:5192",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:5192"
        },
        {
          "name": "RHSA-2024:5690",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:5690"
        },
        {
          "name": "RHSA-2024:6153",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6153"
        },
        {
          "name": "RHSA-2024:6568",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6568"
        },
        {
          "name": "RHSA-2024:6569",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6569"
        },
        {
          "name": "RHSA-2024:6576",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6576"
        },
        {
          "name": "RHSA-2024:7458",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:7458"
        },
        {
          "name": "RHSA-2025:1632",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:1632"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-5953"
        },
        {
          "name": "RHBZ#2292104",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292104"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-06-13T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-06-13T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "389-ds-base: malformed userpassword hash may cause denial of service",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-1288: Improper Validation of Consistency within Input"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-5953",
    "datePublished": "2024-06-18T10:01:56.714Z",
    "dateReserved": "2024-06-13T04:20:35.951Z",
    "dateUpdated": "2026-02-25T20:31:51.523Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-32701 (GCVE-0-2023-32701)

Vulnerability from cvelistv5 – Published: 2023-11-14 18:33 – Updated: 2025-09-09 15:06
VLAI
Title
Vulnerability in Networking Stack Impacts QNX Software Development Platform (SDP)
Summary
Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1288 - Improper Validation of Consistency within Input
Assigner
Impacted products
Vendor Product Version
BlackBerry QNX Software Development Platform (SDP) Affected: 6.6.0 , ≤ 7.1 (custom)
Create a notification for this product.
Date Public
2023-11-14 18:01
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:25:36.816Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112401"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-32701",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-30T18:05:38.851186Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-30T18:05:56.808Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Networking Stack"
          ],
          "product": "QNX Software Development Platform (SDP)",
          "vendor": "BlackBerry",
          "versions": [
            {
              "lessThanOrEqual": "7.1",
              "status": "affected",
              "version": "6.6.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-11-14T18:01:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition. \u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-549",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-549 Local Execution of Code"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1288",
              "description": "CWE-1288 Improper Validation of Consistency within Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-09T15:06:29.621Z",
        "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "shortName": "blackberry"
      },
      "references": [
        {
          "url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112401"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Vulnerability in Networking Stack Impacts QNX Software Development Platform (SDP)",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
    "assignerShortName": "blackberry",
    "cveId": "CVE-2023-32701",
    "datePublished": "2023-11-14T18:33:59.148Z",
    "dateReserved": "2023-05-11T20:52:48.323Z",
    "dateUpdated": "2025-09-09T15:06:29.621Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-6245 (GCVE-0-2023-6245)

Vulnerability from cvelistv5 – Published: 2023-12-08 14:26 – Updated: 2024-12-02 14:33
VLAI
Title
Infinite decoding loop through specially crafted payload
Summary
The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is `record { * ; empty }` and the canister interface expects `record { * }` then the Rust candid decoder treats empty as an extra field required by the type. The problem with the type empty is that the candid Rust library wrongly categorizes empty as a recoverable error when skipping the field and thus causing an infinite decoding loop. Canisters using affected versions of candid are exposed to denial of service by causing the decoding to run indefinitely until the canister traps due to reaching maximum instruction limit per execution round. Repeated exposure to the payload will result in degraded performance of the canister. Note: Canisters written in Motoko are unaffected.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
  • CWE-1288 - Improper Validation of Consistency within Input
  • CWE-168 - Improper Handling of Inconsistent Special Elements
  • CWE-20 - Improper Input Validation
Assigner
Impacted products
Vendor Product Version
Internet Computer Candid Affected: 0.9.0 , < 0.9.10 (0.0.0)
Create a notification for this product.
Date Public
2023-12-08 01:55
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:21:17.978Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/dfinity/candid/pull/478"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://internetcomputer.org/docs/current/references/candid-ref"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/dfinity/candid/blob/master/spec/Candid.md"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/dfinity/candid/security/advisories/GHSA-7787-p7x6-fq3j"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://internetcomputer.org/docs/current/references/ic-interface-spec"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-6245",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-02T14:31:05.379872Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-02T14:33:16.496Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Candid",
          "repo": "https://github.com/dfinity/candid",
          "vendor": "Internet Computer",
          "versions": [
            {
              "lessThan": "0.9.10",
              "status": "affected",
              "version": "0.9.0",
              "versionType": "0.0.0"
            }
          ]
        }
      ],
      "datePublic": "2023-12-08T01:55:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe Candid library causes a Denial of Service while \nparsing a specially crafted payload with \u0027empty\u0027 data type. For example,\n if the payload is \u003ccode\u003e`record { * ; empty }`\u003c/code\u003e and the canister interface expects \u003ccode\u003e`record { * }`\u003c/code\u003e then the Rust candid decoder treats \u003ccode\u003eempty\u003c/code\u003e as an extra field required by the type.  The problem with the type \u003ccode\u003eempty\u003c/code\u003e is that the candid Rust library wrongly categorizes \u003ccode\u003eempty\u003c/code\u003e as a recoverable error when skipping the field and thus causing an infinite decoding loop.\u003c/p\u003e\n\u003cp\u003eCanisters using affected versions of candid\n are exposed to denial of service by causing the decoding to run \nindefinitely until the canister traps due to reaching maximum \ninstruction limit per execution round. Repeated exposure to the payload \nwill result in degraded performance of the canister. Note: Canisters written in Motoko are unaffected.\u003cbr\u003e\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "The Candid library causes a Denial of Service while \nparsing a specially crafted payload with \u0027empty\u0027 data type. For example,\n if the payload is `record { * ; empty }` and the canister interface expects `record { * }` then the Rust candid decoder treats empty as an extra field required by the type.  The problem with the type empty is that the candid Rust library wrongly categorizes empty as a recoverable error when skipping the field and thus causing an infinite decoding loop.\n\n\nCanisters using affected versions of candid\n are exposed to denial of service by causing the decoding to run \nindefinitely until the canister traps due to reaching maximum \ninstruction limit per execution round. Repeated exposure to the payload \nwill result in degraded performance of the canister. Note: Canisters written in Motoko are unaffected.\n\n\n\n"
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Denial of Service"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-835",
              "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1288",
              "description": "CWE-1288 Improper Validation of Consistency within Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-168",
              "description": "CWE-168 Improper Handling of Inconsistent Special Elements",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-08T14:26:09.331Z",
        "orgId": "6b35d637-e00f-4228-858c-b20ad6e1d07b",
        "shortName": "Dfinity"
      },
      "references": [
        {
          "url": "https://github.com/dfinity/candid/pull/478"
        },
        {
          "url": "https://internetcomputer.org/docs/current/references/candid-ref"
        },
        {
          "url": "https://github.com/dfinity/candid/blob/master/spec/Candid.md"
        },
        {
          "url": "https://github.com/dfinity/candid/security/advisories/GHSA-7787-p7x6-fq3j"
        },
        {
          "url": "https://internetcomputer.org/docs/current/references/ic-interface-spec"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Infinite decoding loop through specially crafted payload",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6b35d637-e00f-4228-858c-b20ad6e1d07b",
    "assignerShortName": "Dfinity",
    "cveId": "CVE-2023-6245",
    "datePublished": "2023-12-08T14:26:09.331Z",
    "dateReserved": "2023-11-21T16:28:51.715Z",
    "dateUpdated": "2024-12-02T14:33:16.496Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-1620 (GCVE-0-2023-1620)

Vulnerability from cvelistv5 – Published: 2023-06-26 06:19 – Updated: 2024-11-12 14:11
VLAI
Title
WAGO: DoS in multiple products in multiple versions using Codesys
Summary
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1288 - Improper Validation of Consistency within Input
Assigner
References
Impacted products
Vendor Product Version
Wago 750-8202/xxx-xxx Affected: FW1 , ≤ FW22 SP1 (custom)
Create a notification for this product.
Wago 750-8203/xxx-xxx Affected: FW1 , ≤ FW22 SP1 (custom)
Create a notification for this product.
Wago 750-8204/xxx-xxx Affected: FW1 , ≤ FW22 SP1 (custom)
Create a notification for this product.
Wago 750-8206/xxx-xxx Affected: FW1 , ≤ FW22 SP1 (custom)
Create a notification for this product.
Wago 750-8207/xxx-xxx Affected: FW1 , ≤ FW22 SP1 (custom)
Create a notification for this product.
Wago 750-8208/xxx-xxx Affected: FW1 , ≤ FW22 SP1 (custom)
Create a notification for this product.
Wago 750-8210/xxx-xxx Affected: FW1 , ≤ FW22 SP1 (custom)
Create a notification for this product.
Wago 750-8211/xxx-xxx Affected: FW1 , ≤ FW22 SP1 (custom)
Create a notification for this product.
Wago 750-8212/xxx-xxx Affected: FW1 , ≤ FW22 SP1 (custom)
Create a notification for this product.
Wago 750-8213/xxx-xxx Affected: FW1 , ≤ FW22 SP1 (custom)
Create a notification for this product.
Wago 750-8214/xxx-xxx Affected: FW1 , ≤ FW22 SP1 (custom)
Create a notification for this product.
Wago 750-8216/xxx-xxx Affected: FW1 , ≤ FW22 SP1 (custom)
Create a notification for this product.
Wago 750-8217/xxx-xxx Affected: FW1 , ≤ FW22 SP1 (custom)
Create a notification for this product.
Wago 750-823 Affected: FW1 , ≤ FW10 (custom)
Create a notification for this product.
Wago 750-332 Affected: FW1 , ≤ FW6 (custom)
Create a notification for this product.
Wago 750-832/xxx-xxx Affected: FW1 , ≤ FW6 (custom)
Create a notification for this product.
Wago 750-862 Affected: FW1 , ≤ FW10 (custom)
Create a notification for this product.
Wago 750-890/xxx-xxx Affected: FW1 , ≤ FW10 (custom)
Create a notification for this product.
Wago 750-891 Affected: FW1 , ≤ FW10 (custom)
Create a notification for this product.
Wago 750-893 Affected: FW1 , ≤ FW10 (custom)
Create a notification for this product.
Wago 750-331 Affected: FW1 , ≤ FW14 (custom)
Create a notification for this product.
Wago 750-829 Affected: FW1 , ≤ FW14 (custom)
Create a notification for this product.
Wago 750-831/xxx-xxx Affected: FW1 , ≤ FW14 (custom)
Create a notification for this product.
Wago 750-852 Affected: FW1 , ≤ FW16 (custom)
Create a notification for this product.
Wago 750-880/xxx-xxx Affected: FW1 , ≤ FW16 (custom)
Create a notification for this product.
Wago 750-881 Affected: FW1 , ≤ FW16 (custom)
Create a notification for this product.
Wago 750-882 Affected: FW1 , ≤ FW16 (custom)
Create a notification for this product.
Wago 750-885/xxx-xxx Affected: FW1 , ≤ FW16 (custom)
Create a notification for this product.
Wago 750-889 Affected: FW1 , ≤ FW16 (custom)
Create a notification for this product.
Credits
Daniel dos Santos from Forescout Abdelrahman Hassanien from Forescout
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:57:24.833Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en/advisories/VDE-2023-006/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-1620",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-08T20:30:42.286955Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-12T14:11:36.673Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "750-8202/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW22 SP1",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-8203/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW22 SP1",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-8204/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW22 SP1",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-8206/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW22 SP1",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-8207/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW22 SP1",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-8208/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW22 SP1",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-8210/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW22 SP1",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-8211/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW22 SP1",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-8212/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW22 SP1",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-8213/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW22 SP1",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-8214/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW22 SP1",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-8216/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW22 SP1",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-8217/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW22 SP1",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-823",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW10",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-332",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW6",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-832/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW6",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-862",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW10",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-890/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW10",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-891",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW10",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-893",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW10",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-331",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW14",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-829",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW14",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-831/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW14",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-852",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW16",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-880/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW16",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-881",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW16",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-882",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW16",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-885/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW16",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-889",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW16",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Daniel dos Santos from Forescout"
        },
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Abdelrahman Hassanien from Forescout"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime."
            }
          ],
          "value": "Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1288",
              "description": "CWE-1288 Improper Validation of Consistency within Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-02T05:28:51.078Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://cert.vde.com/en/advisories/VDE-2023-006/"
        }
      ],
      "source": {
        "advisory": "VDE-2023-006",
        "defect": [
          "CERT@VDE#64417"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "WAGO: DoS in multiple products in multiple versions using Codesys",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2023-1620",
    "datePublished": "2023-06-26T06:19:30.928Z",
    "dateReserved": "2023-03-24T10:12:26.426Z",
    "dateUpdated": "2024-11-12T14:11:36.673Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-1619 (GCVE-0-2023-1619)

Vulnerability from cvelistv5 – Published: 2023-06-26 06:18 – Updated: 2024-10-02 05:28
VLAI
Title
WAGO: DoS in multiple versions of multiple products
Summary
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet.
CWE
  • CWE-1288 - Improper Validation of Consistency within Input
Assigner
References
Impacted products
Vendor Product Version
Wago 750-8202/xxx-xxx Affected: FW1 , ≤ FW22 SP1 (custom)
Create a notification for this product.
Wago 750-8203/xxx-xxx Affected: FW1 , ≤ FW22 SP1 (custom)
Create a notification for this product.
Wago 750-8204/xxx-xxx Affected: FW1 , ≤ FW22 SP1 (custom)
Create a notification for this product.
Wago 750-8206/xxx-xxx Affected: FW1 , ≤ FW22 SP1 (custom)
Create a notification for this product.
Wago 750-8207/xxx-xxx Affected: FW1 , ≤ FW22 SP1 (custom)
Create a notification for this product.
Wago 750-8208/xxx-xxx Affected: FW1 , ≤ FW22 SP1 (custom)
Create a notification for this product.
Wago 750-8210/xxx-xxx Affected: FW1 , ≤ FW22 SP1 (custom)
Create a notification for this product.
Wago 750-8211/xxx-xxx Affected: FW1 , ≤ FW22 SP1 (custom)
Create a notification for this product.
Wago 750-8212/xxx-xxx Affected: FW1 , ≤ FW22 SP1 (custom)
Create a notification for this product.
Wago 750-8213/xxx-xxx Affected: FW1 , ≤ FW22 SP1 (custom)
Create a notification for this product.
Wago 750-8214/xxx-xxx Affected: FW1 , ≤ FW22 SP1 (custom)
Create a notification for this product.
Wago 750-8216/xxx-xxx Affected: FW1 , ≤ FW22 SP1 (custom)
Create a notification for this product.
Wago 750-8217/xxx-xxx Affected: FW1 , ≤ FW22 SP1 (custom)
Create a notification for this product.
Wago 750-823 Affected: FW1 , ≤ FW10 (custom)
Create a notification for this product.
Wago 750-332 Affected: FW1 , ≤ FW6 (custom)
Create a notification for this product.
Wago 750-832/xxx-xxx Affected: FW1 , ≤ FW6 (custom)
Create a notification for this product.
Wago 750-862 Affected: FW1 , ≤ FW10 (custom)
Create a notification for this product.
Wago 750-890/xxx-xxx Affected: FW1 , ≤ FW10 (custom)
Create a notification for this product.
Wago 750-891 Affected: FW1 , ≤ FW10 (custom)
Create a notification for this product.
Wago 750-893 Affected: FW1 , ≤ FW10 (custom)
Create a notification for this product.
Wago 750-331 Affected: FW1 , ≤ FW14 (custom)
Create a notification for this product.
Wago 750-829 Affected: FW1 , ≤ FW14 (custom)
Create a notification for this product.
Wago 750-831/xxx-xxx Affected: FW1 , ≤ FW14 (custom)
Create a notification for this product.
Wago 750-852 Affected: FW1 , ≤ FW16 (custom)
Create a notification for this product.
Wago 750-880/xxx-xxx Affected: FW1 , ≤ FW16 (custom)
Create a notification for this product.
Wago 750-881 Affected: FW1 , ≤ FW16 (custom)
Create a notification for this product.
Wago 750-882 Affected: FW1 , ≤ FW16 (custom)
Create a notification for this product.
Wago 750-885/xxx-xxx Affected: FW1 , ≤ FW16 (custom)
Create a notification for this product.
Wago 750-889 Affected: FW1 , ≤ FW16 (custom)
Create a notification for this product.
Credits
Daniel dos Santos from Forescout Abdelrahman Hassanien from Forescout
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:57:24.337Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en/advisories/VDE-2023-006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "750-8202/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW22 SP1",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-8203/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW22 SP1",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-8204/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW22 SP1",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-8206/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW22 SP1",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-8207/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW22 SP1",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-8208/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW22 SP1",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-8210/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW22 SP1",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-8211/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW22 SP1",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-8212/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW22 SP1",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-8213/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW22 SP1",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-8214/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW22 SP1",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-8216/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW22 SP1",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-8217/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW22 SP1",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-823",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW10",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-332",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW6",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-832/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW6",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-862",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW10",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-890/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW10",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-891",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW10",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-893",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW10",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-331",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW14",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-829",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW14",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-831/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW14",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-852",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW16",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-880/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW16",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-881",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW16",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-882",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW16",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-885/xxx-xxx",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW16",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-889",
          "vendor": "Wago",
          "versions": [
            {
              "lessThanOrEqual": "FW16",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Daniel dos Santos from Forescout"
        },
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Abdelrahman Hassanien from Forescout"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet."
            }
          ],
          "value": "Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1288",
              "description": "CWE-1288 Improper Validation of Consistency within Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-02T05:28:23.250Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://cert.vde.com/en/advisories/VDE-2023-006/"
        }
      ],
      "source": {
        "advisory": "VDE-2023-006",
        "defect": [
          "CERT@VDE#64417"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "WAGO: DoS in multiple versions of multiple products",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2023-1619",
    "datePublished": "2023-06-26T06:18:33.981Z",
    "dateReserved": "2023-03-24T10:12:25.218Z",
    "dateUpdated": "2024-10-02T05:28:23.250Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-50976 (GCVE-0-2022-50976)

Vulnerability from cvelistv5 – Published: 2026-02-02 14:08 – Updated: 2026-02-02 17:25
VLAI
Title
Innomic VibroLine Configurator and avibia Configurator allow unintended device reset via USB
Summary
A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1288 - Improper Validation of Consistency within Input
Assigner
Impacted products
Vendor Product Version
Innomic VibroLine Configurator 5.0 Affected: 5.0.2416 , ≤ 5.0.2486 (semver)
Unaffected: 5.1.2730
Create a notification for this product.
avibia AvibiaLine Configurator 5.0 Affected: 5.0.2416 , ≤ 5.0.2486 (semver)
Unaffected: 5.1.2730
Create a notification for this product.
Innomic VibroLine Configurator 4.0 Unaffected: 4.0.1931 , ≤ 4.0.2406 (semver)
Create a notification for this product.
Date Public
2026-02-02 14:08
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-50976",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-02T17:25:42.635940Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-02T17:25:50.864Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "VibroLine Configurator 5.0",
          "vendor": "Innomic",
          "versions": [
            {
              "lessThanOrEqual": "5.0.2486",
              "status": "affected",
              "version": "5.0.2416",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "5.1.2730"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AvibiaLine Configurator  5.0",
          "vendor": "avibia",
          "versions": [
            {
              "lessThanOrEqual": "5.0.2486",
              "status": "affected",
              "version": "5.0.2416",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "5.1.2730"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VibroLine Configurator 4.0",
          "vendor": "Innomic",
          "versions": [
            {
              "lessThanOrEqual": "4.0.2406",
              "status": "unaffected",
              "version": "4.0.1931",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2026-02-02T14:08:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB.\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1288",
              "description": "CWE-1288: Improper Validation of Consistency within Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-02T14:08:24.139Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-0001.html"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-0001.json"
        }
      ],
      "source": {
        "advisory": "CERT@VDE#641933",
        "discovery": "UNKNOWN"
      },
      "title": "Innomic VibroLine Configurator and avibia Configurator allow unintended device reset via USB",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2022-50976",
    "datePublished": "2026-02-02T14:08:24.139Z",
    "dateReserved": "2026-01-12T08:05:55.994Z",
    "dateUpdated": "2026-02-02T17:25:50.864Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-39353 (GCVE-0-2022-39353)

Vulnerability from cvelistv5 – Published: 2022-11-02 00:00 – Updated: 2025-04-22 17:16
VLAI
Title
xmldom allows multiple root nodes in a DOM
Summary
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the `childNodes` collection of the `Document`, without reporting any error or throwing. This breaks the assumption that there is only a single root node in the tree, which led to issuance of CVE-2022-39299 as it is a potential issue for dependents. Update to @xmldom/xmldom@~0.7.7, @xmldom/xmldom@~0.8.4 (dist-tag latest) or @xmldom/xmldom@>=0.9.0-beta.4 (dist-tag next). As a workaround, please one of the following approaches depending on your use case: instead of searching for elements in the whole DOM, only search in the `documentElement`or reject a document with a document that has more then 1 `childNode`.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-20 - Improper Input Validation
  • CWE-1288 - Improper Validation of Consistency within Input
Assigner
Impacted products
Vendor Product Version
xmldom xmldom Affected: <= 0.6.0
Affected: < 0.7.7
Affected: >= 0.8.0, < 0.8.4
Affected: >= 0.9.0-beta.1, < 0.9.0-beta.4
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:00:44.144Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/xmldom/xmldom/security/advisories/GHSA-crh6-fp67-6883"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/jindw/xmldom/issues/150"
          },
          {
            "name": "[debian-lts-announce] 20230101 [SECURITY] [DLA 3260-1] node-xmldom security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-39353",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-22T15:39:20.618073Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-22T17:16:38.092Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "xmldom",
          "vendor": "xmldom",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 0.6.0"
            },
            {
              "status": "affected",
              "version": "\u003c 0.7.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 0.8.0, \u003c 0.8.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 0.9.0-beta.1, \u003c 0.9.0-beta.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the `childNodes` collection of the `Document`, without reporting any error or throwing. This breaks the assumption that there is only a single root node in the tree, which led to issuance of CVE-2022-39299 as it is a potential issue for dependents. Update to @xmldom/xmldom@~0.7.7, @xmldom/xmldom@~0.8.4 (dist-tag latest) or @xmldom/xmldom@\u003e=0.9.0-beta.4 (dist-tag next). As a workaround, please one of the following approaches depending on your use case: instead of searching for elements in the whole DOM, only search in the `documentElement`or reject a document with a document that has more then 1 `childNode`."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1288",
              "description": "CWE-1288: Improper Validation of Consistency within Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-01T00:00:00.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/xmldom/xmldom/security/advisories/GHSA-crh6-fp67-6883"
        },
        {
          "url": "https://github.com/jindw/xmldom/issues/150"
        },
        {
          "name": "[debian-lts-announce] 20230101 [SECURITY] [DLA 3260-1] node-xmldom security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00000.html"
        }
      ],
      "source": {
        "advisory": "GHSA-crh6-fp67-6883",
        "discovery": "UNKNOWN"
      },
      "title": "xmldom allows multiple root nodes in a DOM"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-39353",
    "datePublished": "2022-11-02T00:00:00.000Z",
    "dateReserved": "2022-09-02T00:00:00.000Z",
    "dateUpdated": "2025-04-22T17:16:38.092Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-41531 (GCVE-0-2021-41531)

Vulnerability from cvelistv5 – Published: 2021-09-21 13:23 – Updated: 2024-09-16 20:27
VLAI
Title
Invalid RPKI data could disable Route Origin Validation on RTR clients.
Summary
NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead to RTR clients such as routers to reject the RPKI data set, effectively disabling Route Origin Validation.
Severity
No CVSS data available.
CWE
  • CWE-1288 - Improper Validation of Consistency within Input
Assigner
References
Impacted products
Vendor Product Version
NLnet Labs Routinator Affected: unspecified , ≤ 0.9.0 (custom)
Create a notification for this product.
Date Public
2021-09-21 00:00
Credits
We would like to thank Job Snijders for reporting the issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:15:29.202Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-41531.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Routinator",
          "vendor": "NLnet Labs",
          "versions": [
            {
              "lessThanOrEqual": "0.9.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "We would like to thank Job Snijders for reporting the issue."
        }
      ],
      "datePublic": "2021-09-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead to RTR clients such as routers to reject the RPKI data set, effectively disabling Route Origin Validation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1288",
              "description": "CWE-1288: Improper Validation of Consistency within Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-21T13:23:17.000Z",
        "orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
        "shortName": "NLnet Labs"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-41531.txt"
        }
      ],
      "title": "Invalid RPKI data could disable Route Origin Validation on RTR clients.",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sep@nlnetlabs.nl",
          "DATE_PUBLIC": "2021-09-21T00:00:00.000Z",
          "ID": "CVE-2021-41531",
          "STATE": "PUBLIC",
          "TITLE": "Invalid RPKI data could disable Route Origin Validation on RTR clients."
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Routinator",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "0.9.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "NLnet Labs"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "We would like to thank Job Snijders for reporting the issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead to RTR clients such as routers to reject the RPKI data set, effectively disabling Route Origin Validation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-1288: Improper Validation of Consistency within Input"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-41531.txt",
              "refsource": "MISC",
              "url": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-41531.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
    "assignerShortName": "NLnet Labs",
    "cveId": "CVE-2021-41531",
    "datePublished": "2021-09-21T13:23:17.982Z",
    "dateReserved": "2021-09-20T00:00:00.000Z",
    "dateUpdated": "2024-09-16T20:27:40.850Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-2274-3HGR-WXV6

Vulnerability from github – Published: 2026-04-22 09:31 – Updated: 2026-07-14 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead - Revert to operating out-of-place

This mostly reverts commit 72548b093ee3 except for the copying of the associated data.

There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31431"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1288",
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-22T09:16:21Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings.  Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly.",
  "id": "GHSA-2274-3hgr-wxv6",
  "modified": "2026-07-14T15:31:52Z",
  "published": "2026-04-22T09:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31431"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:13565"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:16208"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:16209"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:16210"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:19074"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:19225"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:33486"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-31431"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/cve-2026-31431#cve-details-mitigation"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460538"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://copy.fail"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/19d43105a97be0810edbda875f2cd03f30dc130c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3115af9644c342b356f3f07a4dd1c8905cd9a6fc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/893d22e0135fa394db81df88697fba6032747667"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8b88d99341f139e23bdeb1027a2a3ae10d341d82"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/961cfa271a918ad4ae452420e7c303149002875b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8"
    },
    {
      "type": "WEB",
      "url": "https://github.com/theori-io/copy-fail-CVE-2026-31431"
    },
    {
      "type": "WEB",
      "url": "https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31431.json"
    },
    {
      "type": "WEB",
      "url": "https://websec.net/blog/cve-2026-31431-linux-algifaead-page-cache-write-to-root-69f38a4ccddd2db1f520f170"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/260001"
    },
    {
      "type": "WEB",
      "url": "https://xint.io/blog/copy-fail-linux-distributions#the-fix-6"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:13566"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:13577"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:13578"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:13681"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:13690"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:13727"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:13729"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:13734"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:13811"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:13862"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:13885"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:13887"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:13932"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:13936"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:14097"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:14112"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:14137"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:14165"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:14230"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:14301"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:14339"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:14773"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:14926"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:15087"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:15976"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:15978"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:16018"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:16063"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:16111"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/29/23"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/29/25"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/29/26"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/30/10"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/30/11"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/30/12"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/30/14"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/30/15"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/30/16"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/30/17"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/30/18"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/30/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/30/20"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/30/5"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/30/6"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/01/10"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/01/12"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/01/15"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/01/16"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/01/17"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/01/18"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/01/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/01/22"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/01/23"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/01/24"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/01/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/02/14"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/02/15"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/02/16"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/02/17"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/02/18"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/02/19"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/02/20"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/02/21"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/02/23"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/02/24"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/02/25"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/02/4"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/02/5"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/02/6"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/02/7"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/02/8"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/03/10"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/03/12"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/03/13"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/03/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/03/4"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/03/5"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/03/6"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/04/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/04/10"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/04/11"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/04/12"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/04/13"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/04/14"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/04/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/04/24"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/04/27"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/04/28"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/04/29"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/04/31"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/04/8"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/04/9"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/06/5"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/07/12"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/07/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/08/13"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/18/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.

No CAPEC attack patterns related to this CWE.