Common Weakness Enumeration

CWE-755

Discouraged

Improper Handling of Exceptional Conditions

Abstraction: Class · Status: Incomplete

The product does not handle or incorrectly handles an exceptional condition.

685 vulnerabilities reference this CWE, most recent first.

GHSA-QWQP-JRW4-2X86

Vulnerability from github – Published: 2022-11-11 19:00 – Updated: 2022-11-28 21:30
VLAI
Details

Uncaught exception in the firmware for some Intel(R) Server Board M50CYP Family before version R01.01.0005 may allow a privileged user to potentially enable a denial of service via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-25917"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-11T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Uncaught exception in the firmware for some Intel(R) Server Board M50CYP Family before version R01.01.0005 may allow a privileged user to potentially enable a denial of service via local access.",
  "id": "GHSA-qwqp-jrw4-2x86",
  "modified": "2022-11-28T21:30:22Z",
  "published": "2022-11-11T19:00:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25917"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00708.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QX32-4XRF-2J53

Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-07-13 00:01
VLAI
Details

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-34549"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-29T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency.",
  "id": "GHSA-qx32-4xrf-2j53",
  "modified": "2022-07-13T00:01:27Z",
  "published": "2022-05-24T19:06:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34549"
    },
    {
      "type": "WEB",
      "url": "https://blog.torproject.org/node/2041"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.torproject.org/tpo/core/tor/-/issues/40391"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202107-25"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QX5C-44C2-56MQ

Vulnerability from github – Published: 2023-07-04 03:31 – Updated: 2024-04-04 05:21
VLAI
Details

In wlan firmware, there is possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664720; Issue ID: ALPS07664720.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-20692"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-04T02:15:09Z",
    "severity": "HIGH"
  },
  "details": "In wlan firmware, there is possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664720; Issue ID: ALPS07664720.",
  "id": "GHSA-qx5c-44c2-56mq",
  "modified": "2024-04-04T05:21:23Z",
  "published": "2023-07-04T03:31:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20692"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/July-2023"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QXF5-VPWF-VJ9Q

Vulnerability from github – Published: 2024-10-11 18:32 – Updated: 2024-10-11 18:32
VLAI
Details

An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C lines cards, MX304 devices, and Juniper Networks Junos OS Evolved on PTX Series, allows an attacker sending malformed DHCP packets to cause ingress packet processing to stop, leading to a Denial of Service (DoS).  Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition.

This issue only occurs if DHCP snooping is enabled. See configuration below.

This issue can be detected using following commands. Their output will display the interface status going down:

user@device>show interfaces user@device>show log messages | match user@device>show log messages ==> will display the "[Error] Wedge-Detect : Host Loopback Wedge Detected: PFE: no," logs.

This issue affects: Junos OS on

MX Series

with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C line cards, and MX304:

  • All versions before 21.2R3-S7,
  • from 21.4 before 21.4R3-S6,
  • from 22.2 before 22.2R3-S3,
  • all versions of 22.3,
  • from 22.4 before 22.4R3,
  • from 23.2 before 23.2R2;

Junos OS Evolved on PTX Series: * from 19.3R1-EVO before 21.2R3-S8-EVO,

  • from 21.4-EVO before 21.4R3-S7-EVO,
  • from 22.1-EVO before 22.1R3-S6-EVO,
  • from 22.2-EVO before 22.2R3-S5-EVO,
  • from 22.3-EVO before 22.3R3-S3-EVO,
  • from 22.4-EVO before 22.4R3-S1-EVO,
  • from 23.2-EVO before 23.2R2-S2-EVO,
  • from 23.4-EVO before 23.4R2-EVO.

Junos OS Evolved releases prior to 19.3R1-EVO are unaffected by this vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-39526"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-11T16:15:06Z",
    "severity": "HIGH"
  },
  "details": "An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C lines cards, MX304 devices, and Juniper Networks Junos OS Evolved on PTX Series, allows an attacker sending malformed DHCP packets to cause ingress packet processing to stop, leading to a Denial of Service (DoS).\u00a0 Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition.\n\nThis issue only occurs if DHCP snooping is enabled. See configuration below.\n\nThis issue can be detected using following commands. Their output will display the interface status going down:\n\n\nuser@device\u003eshow interfaces \u003cif--x/x/x\u003e\nuser@device\u003eshow log messages | match \u003cif--x/x/x\u003e\nuser@device\u003eshow log messages ==\u003e will display the \"[Error] Wedge-Detect : Host Loopback Wedge Detected: PFE: no,\" logs.\n\nThis issue affects:\nJunos OS on \n\nMX Series \n\nwith MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C line cards, and MX304: \n\n\n  *  All versions before 21.2R3-S7, \n  *  from 21.4 before 21.4R3-S6, \n  *  from 22.2 before 22.2R3-S3, \n  *  all versions of 22.3,\n  *  from 22.4 before 22.4R3, \n  *  from 23.2 before 23.2R2; \n\n\n\nJunos OS Evolved on PTX Series: \n  *  from 19.3R1-EVO before 21.2R3-S8-EVO,\n\n  *  from 21.4-EVO before 21.4R3-S7-EVO, \n  *  from 22.1-EVO before 22.1R3-S6-EVO, \n  *  from 22.2-EVO before 22.2R3-S5-EVO, \n  *  from 22.3-EVO before 22.3R3-S3-EVO, \n  *  from 22.4-EVO before 22.4R3-S1-EVO, \n  *  from 23.2-EVO before 23.2R2-S2-EVO, \n  *  from 23.4-EVO before 23.4R2-EVO.\n\n\n\nJunos OS Evolved releases prior to 19.3R1-EVO are unaffected by this vulnerability",
  "id": "GHSA-qxf5-vpwf-vj9q",
  "modified": "2024-10-11T18:32:48Z",
  "published": "2024-10-11T18:32:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39526"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA88103"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-R3MR-JGH6-PHPP

Vulnerability from github – Published: 2024-02-06 09:31 – Updated: 2024-02-06 09:31
VLAI
Details

Dell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM service. A low privileged malicious user could potentially exploit this vulnerability in order to elevate privileges on the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-25543"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-280",
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-06T07:15:08Z",
    "severity": "HIGH"
  },
  "details": "\nDell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM service. A low privileged malicious user could potentially exploit this vulnerability in order to elevate privileges on the system. \n\n",
  "id": "GHSA-r3mr-jgh6-phpp",
  "modified": "2024-02-06T09:31:37Z",
  "published": "2024-02-06T09:31:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25543"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000209464/dsa-2023-075"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R3R2-RV2R-78WF

Vulnerability from github – Published: 2022-05-24 17:25 – Updated: 2023-01-24 03:30
VLAI
Details

An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-15701"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-06T23:15:00Z",
    "severity": "LOW"
  },
  "details": "An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6.",
  "id": "GHSA-r3r2-rv2r-78wf",
  "modified": "2023-01-24T03:30:17Z",
  "published": "2022-05-24T17:25:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15701"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.net/bugs/1877023"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4449-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4449-2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R546-3C3C-RC3G

Vulnerability from github – Published: 2023-08-03 09:30 – Updated: 2024-04-04 06:30
VLAI
Details

Due to insufficient file permissions, unprivileged users could gain access to unencrypted user credentials that are used in the integration interface towards 3rd party systems.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-21408"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-03T07:15:12Z",
    "severity": "CRITICAL"
  },
  "details": "\nDue to insufficient file permissions, unprivileged users could gain access to unencrypted user credentials\nthat are used in the integration interface towards 3rd party systems.\n\n",
  "id": "GHSA-r546-3c3c-rc3g",
  "modified": "2024-04-04T06:30:39Z",
  "published": "2023-08-03T09:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21408"
    },
    {
      "type": "WEB",
      "url": "https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712-en-US-409778.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R5X6-W42P-JHPP

Vulnerability from github – Published: 2023-03-17 18:22 – Updated: 2023-03-20 13:59
VLAI
Summary
Cilium eBPF filters may be temporarily removed during agent restart
Details

Impact

When Cilium is started, there is a short period when Cilium eBPF programs are not attached to the host. During this period, the host does not implement any of Cilium's featureset. This can cause disruption to newly established connections during this period due to the lack of Load Balancing, or can cause Network Policy bypass due to the lack of Network Policy enforcement during the window. This vulnerability impacts any Cilium-managed endpoints on the node (such as Kubernetes Pods), as well as the host network namespace (including Host Firewall).

Patches

This vulnerability is fixed by https://github.com/cilium/cilium/pull/24336, included in Cilium 1.13.1 or later. Cilium releases 1.12.x, 1.11.x and earlier are not affected.

Workarounds

There are no known workarounds.

Acknowledgements

The Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to Louis DeLosSantos and Timo Beckers for investigating and fixing the issue.

For more information

If you have any questions or comments about this advisory, please reach out on Slack.

As usual, if you think you found a related vulnerability, we strongly encourage you to report security vulnerabilities to our private security mailing list: security@cilium.io - first, before disclosing them in any public forums. This is a private mailing list where only members of the Cilium internal security team are subscribed to, and is treated as top priority.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cilium/cilium"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.13.0"
            },
            {
              "fixed": "1.13.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-27595"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-03-17T18:22:57Z",
    "nvd_published_at": "2023-03-17T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nWhen Cilium is started, there is a short period when Cilium eBPF programs are not attached to the host. During this period, the host does not implement any of Cilium\u0027s featureset. This can cause disruption to newly established connections during this period due to the lack of Load Balancing, or can cause Network Policy bypass due to the lack of Network Policy enforcement during the window. This vulnerability impacts any Cilium-managed endpoints on the node (such as Kubernetes Pods), as well as the host network namespace (including Host Firewall).\n\n### Patches\n\nThis vulnerability is fixed by https://github.com/cilium/cilium/pull/24336, included in Cilium 1.13.1 or later. Cilium releases 1.12.x, 1.11.x and earlier are not affected.\n\n### Workarounds\n\nThere are no known workarounds.\n\n### Acknowledgements\n\nThe Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to Louis DeLosSantos and Timo Beckers for investigating and fixing the issue.\n\n### For more information\n\nIf you have any questions or comments about this advisory, please reach out on [Slack](https://docs.cilium.io/en/latest/community/community/#slack).\n\nAs usual, if you think you found a related vulnerability, we strongly encourage you to report security vulnerabilities to our private security mailing list: security@cilium.io - first, before disclosing them in any public forums. This is a private mailing list where only members of the Cilium internal security team are subscribed to, and is treated as top priority.\n",
  "id": "GHSA-r5x6-w42p-jhpp",
  "modified": "2023-03-20T13:59:25Z",
  "published": "2023-03-17T18:22:57Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/cilium/cilium/security/advisories/GHSA-r5x6-w42p-jhpp"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27595"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cilium/cilium/pull/24336"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cilium/cilium"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cilium/cilium/releases/tag/v1.13.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Cilium eBPF filters may be temporarily removed during agent restart"
}

GHSA-R668-8P4P-W5JH

Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-05-24 17:48
VLAI
Details

On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dump if a specific DHCPv6 packet is received, resulting in a restart of the daemon. The daemon automatically restarts without intervention, but continued receipt and processing of these specific packets will repeatedly crash the JDHCPD process and sustain the Denial of Service (DoS) condition. This issue only affects DHCPv6. DHCPv4 is not affected by this issue. This issue affects: Juniper Networks Junos OS 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S7; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1, 19.3R3-S2; 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2, 20.2R3; 20.3 versions prior to 20.3R1-S2, 20.3R2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-0241"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-22T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dump if a specific DHCPv6 packet is received, resulting in a restart of the daemon. The daemon automatically restarts without intervention, but continued receipt and processing of these specific packets will repeatedly crash the JDHCPD process and sustain the Denial of Service (DoS) condition. This issue only affects DHCPv6. DHCPv4 is not affected by this issue. This issue affects: Juniper Networks Junos OS 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S7; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1, 19.3R3-S2; 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2, 20.2R3; 20.3 versions prior to 20.3R1-S2, 20.3R2.",
  "id": "GHSA-r668-8p4p-w5jh",
  "modified": "2022-05-24T17:48:12Z",
  "published": "2022-05-24T17:48:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0241"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA11168"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-R9XW-PV6R-FXR3

Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2022-05-24 17:36
VLAI
Details

Improper check or handling of exceptional conditions in MELSEC iQ-F series FX5U(C) CPU unit firmware version 1.060 and earlier allows an attacker to cause a denial-of-service (DoS) condition on program execution and communication by sending a specially crafted ARP packet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-5665"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-14T03:15:00Z",
    "severity": "HIGH"
  },
  "details": "Improper check or handling of exceptional conditions in MELSEC iQ-F series FX5U(C) CPU unit firmware version 1.060 and earlier allows an attacker to cause a denial-of-service (DoS) condition on program execution and communication by sending a specially crafted ARP packet.",
  "id": "GHSA-r9xw-pv6r-fxr3",
  "modified": "2022-05-24T17:36:21Z",
  "published": "2022-05-24T17:36:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5665"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/vu/JVNVU95638588/index.html"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-345-01"
    },
    {
      "type": "WEB",
      "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-018.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-018_en.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.