Common Weakness Enumeration
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Back to CWE stats page
CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CVE-2024-34772 (GCVE-0-2024-34772)
Vulnerability from cvelistv5 – Published: 2024-05-14 10:03 – Updated: 2024-08-02 02:59
VLAI
Summary
A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 4). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | Solid Edge |
Affected:
0 , < V224.0 Update 4
(custom)
|
|
| siemens | solid_edge |
Affected:
0 , < v224.0
(custom)
cpe:2.3:a:siemens:solid_edge:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:siemens:solid_edge:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "solid_edge",
"vendor": "siemens",
"versions": [
{
"lessThan": "v224.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34772",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T12:54:19.687164Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T19:13:23.089Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:59:22.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Solid Edge",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V224.0 Update 4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Solid Edge (All versions \u003c V224.0 Update 4). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-15T07:24:58.168Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-34772",
"datePublished": "2024-05-14T10:03:13.155Z",
"dateReserved": "2024-05-08T14:32:55.042Z",
"dateUpdated": "2024-08-02T02:59:22.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36114 (GCVE-0-2024-36114)
Vulnerability from cvelistv5 – Published: 2024-05-29 20:24 – Updated: 2024-08-02 03:30
VLAI
Title
Decompressors can crash the JVM and leak memory content in Aircompressor
Summary
Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java process (which could contain sensitive information). When decompressing certain data, the decompressors try to access memory outside the bounds of the given byte arrays or byte buffers. Because Aircompressor uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM. Users should update to Aircompressor 0.27 or newer where these issues have been fixed. When decompressing data from untrusted users, this can be exploited for a denial-of-service attack by crashing the JVM, or to leak other sensitive information from the Java process. There are no known workarounds for this issue.
Severity
8.6 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/airlift/aircompressor/security… | x_refsource_CONFIRM |
| https://github.com/airlift/aircompressor/commit/1… | x_refsource_MISC |
| https://github.com/airlift/aircompressor/commit/2… | x_refsource_MISC |
| https://github.com/airlift/aircompressor/commit/c… | x_refsource_MISC |
| https://github.com/airlift/aircompressor/commit/d… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| airlift | aircompressor |
Affected:
< 0.27
|
|
| airlift | aircompressor |
Affected:
0 , < 0.27
(custom)
cpe:2.3:a:airlift:aircompressor:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:airlift:aircompressor:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aircompressor",
"vendor": "airlift",
"versions": [
{
"lessThan": "0.27",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36114",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T19:37:59.883008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T19:42:22.047Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "ADP Container"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:13.037Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/airlift/aircompressor/security/advisories/GHSA-973x-65j7-xcf4",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/airlift/aircompressor/security/advisories/GHSA-973x-65j7-xcf4"
},
{
"name": "https://github.com/airlift/aircompressor/commit/15e68df9eb0c2bfde7f796231ee7cd1982965071",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/airlift/aircompressor/commit/15e68df9eb0c2bfde7f796231ee7cd1982965071"
},
{
"name": "https://github.com/airlift/aircompressor/commit/2cea90a45534f9aacbb77426fb64e975504dee6e",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/airlift/aircompressor/commit/2cea90a45534f9aacbb77426fb64e975504dee6e"
},
{
"name": "https://github.com/airlift/aircompressor/commit/cf66151541edb062ea88b6f3baab3f95e48b7b7f",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/airlift/aircompressor/commit/cf66151541edb062ea88b6f3baab3f95e48b7b7f"
},
{
"name": "https://github.com/airlift/aircompressor/commit/d01ecb779375a092d00e224abe7869cdf49ddc3e",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/airlift/aircompressor/commit/d01ecb779375a092d00e224abe7869cdf49ddc3e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "aircompressor",
"vendor": "airlift",
"versions": [
{
"status": "affected",
"version": "\u003c 0.27"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java process (which could contain sensitive information). When decompressing certain data, the decompressors try to access memory outside the bounds of the given byte arrays or byte buffers. Because Aircompressor uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM. Users should update to Aircompressor 0.27 or newer where these issues have been fixed. When decompressing data from untrusted users, this can be exploited for a denial-of-service attack by crashing the JVM, or to leak other sensitive information from the Java process. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T20:24:53.906Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/airlift/aircompressor/security/advisories/GHSA-973x-65j7-xcf4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/airlift/aircompressor/security/advisories/GHSA-973x-65j7-xcf4"
},
{
"name": "https://github.com/airlift/aircompressor/commit/15e68df9eb0c2bfde7f796231ee7cd1982965071",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/airlift/aircompressor/commit/15e68df9eb0c2bfde7f796231ee7cd1982965071"
},
{
"name": "https://github.com/airlift/aircompressor/commit/2cea90a45534f9aacbb77426fb64e975504dee6e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/airlift/aircompressor/commit/2cea90a45534f9aacbb77426fb64e975504dee6e"
},
{
"name": "https://github.com/airlift/aircompressor/commit/cf66151541edb062ea88b6f3baab3f95e48b7b7f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/airlift/aircompressor/commit/cf66151541edb062ea88b6f3baab3f95e48b7b7f"
},
{
"name": "https://github.com/airlift/aircompressor/commit/d01ecb779375a092d00e224abe7869cdf49ddc3e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/airlift/aircompressor/commit/d01ecb779375a092d00e224abe7869cdf49ddc3e"
}
],
"source": {
"advisory": "GHSA-973x-65j7-xcf4",
"discovery": "UNKNOWN"
},
"title": "Decompressors can crash the JVM and leak memory content in Aircompressor"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-36114",
"datePublished": "2024-05-29T20:24:53.906Z",
"dateReserved": "2024-05-20T21:07:48.187Z",
"dateUpdated": "2024-08-02T03:30:13.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36124 (GCVE-0-2024-36124)
Vulnerability from cvelistv5 – Published: 2024-06-03 14:25 – Updated: 2024-09-05 14:44
VLAI
Title
iq80 Snappy has an out-of-bounds read when uncompressing data, leading to JVM crash
Summary
iq80 Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM. iq80 Snappy is not actively maintained anymore. As quick fix users can upgrade to version 0.5.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/dain/snappy/security/advisorie… | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| dain | snappy |
Affected:
< 0.5
|
|
| xerial | snappy-java |
Affected:
0 , < 0.5
(custom)
cpe:2.3:a:xerial:snappy-java:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:13.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/dain/snappy/security/advisories/GHSA-8wh2-6qhj-h7j9",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/dain/snappy/security/advisories/GHSA-8wh2-6qhj-h7j9"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:xerial:snappy-java:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snappy-java",
"vendor": "xerial",
"versions": [
{
"lessThan": "0.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36124",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T18:26:25.852205Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T14:44:12.984Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "snappy",
"vendor": "dain",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "iq80 Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM. iq80 Snappy is not actively maintained anymore. As quick fix users can upgrade to version 0.5.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-03T14:25:58.628Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dain/snappy/security/advisories/GHSA-8wh2-6qhj-h7j9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dain/snappy/security/advisories/GHSA-8wh2-6qhj-h7j9"
}
],
"source": {
"advisory": "GHSA-8wh2-6qhj-h7j9",
"discovery": "UNKNOWN"
},
"title": "iq80 Snappy has an out-of-bounds read when uncompressing data, leading to JVM crash"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-36124",
"datePublished": "2024-06-03T14:25:58.628Z",
"dateReserved": "2024-05-20T21:07:48.189Z",
"dateUpdated": "2024-09-05T14:44:12.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36243 (GCVE-0-2024-36243)
Vulnerability from cvelistv5 – Published: 2024-07-02 08:13 – Updated: 2024-08-02 03:37
VLAI
Title
Arkcompiler Ets Runtime has an out-of-bounds read vulnerability
Summary
in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds read and write.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OpenHarmony | OpenHarmony |
Affected:
v4.0.0 , ≤ 4.0.1
(custom)
|
|
| openharmony | openharmony |
Affected:
4.0 , < 4.0.1
(custom)
cpe:2.3:a:openharmony:openharmony:4.0:*:*:*:-:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:openharmony:openharmony:4.0:*:*:*:-:*:*:*"
],
"defaultStatus": "unaffected",
"product": "openharmony",
"vendor": "openharmony",
"versions": [
{
"lessThan": "4.0.1",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36243",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T14:22:24.926933Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T16:34:18.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:03.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-07.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenHarmony",
"vendor": "OpenHarmony",
"versions": [
{
"lessThanOrEqual": "4.0.1",
"status": "affected",
"version": "v4.0.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds read and write."
}
],
"value": "in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds read and write."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T08:13:41.186Z",
"orgId": "0cf5dd6e-1214-4398-a481-30441e48fafd",
"shortName": "OpenHarmony"
},
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-07.md"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arkcompiler Ets Runtime has an out-of-bounds read vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cf5dd6e-1214-4398-a481-30441e48fafd",
"assignerShortName": "OpenHarmony",
"cveId": "CVE-2024-36243",
"datePublished": "2024-07-02T08:13:41.186Z",
"dateReserved": "2024-06-04T12:54:08.310Z",
"dateUpdated": "2024-08-02T03:37:03.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36251 (GCVE-0-2024-36251)
Vulnerability from cvelistv5 – Published: 2024-11-26 07:38 – Updated: 2025-11-04 17:21
VLAI
Summary
The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedef_sub_sel.html is not processed properly and device-crash happens. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds read
Assigner
References
7 references
Impacted products
24 products
| Vendor | Product | Version | |
|---|---|---|---|
| Sharp Corporation | Multiple MFPs (multifunction printers) |
Affected:
See the information provided by Sharp Corporation listed under [References]
|
|
| Toshiba Tec Corporation | Multiple MFPs (multifunction printers) |
Affected:
See the information provided by Toshiba Tec Corporation listed under [References]
|
|
| sharp | mx-m905 |
Affected:
611
cpe:2.3:h:sharp:mx-m905:-:*:*:*:*:*:*:* |
|
| sharp | mx-m6070 |
Affected:
502
cpe:2.3:h:sharp:mx-m6070:-:*:*:*:*:*:*:* |
|
| sharp | mx-m5070 |
Affected:
502
cpe:2.3:h:sharp:mx-m5070:-:*:*:*:*:*:*:* |
|
| sharp | mx-m4070 |
Affected:
502
cpe:2.3:h:sharp:mx-m4070:-:*:*:*:*:*:*:* |
|
| sharp | mx-m3570 |
Affected:
502
cpe:2.3:h:sharp:mx-m3570:-:*:*:*:*:*:*:* |
|
| sharp | mx-m3070 |
Affected:
502
cpe:2.3:h:sharp:mx-m3070:-:*:*:*:*:*:*:* |
|
| sharp | mx-m6050 |
Affected:
502
cpe:2.3:h:sharp:mx-m6050:-:*:*:*:*:*:*:* |
|
| sharp | mx-m5050 |
Affected:
502
cpe:2.3:h:sharp:mx-m5050:-:*:*:*:*:*:*:* |
|
| sharp | mx-m4050 |
Affected:
502
cpe:2.3:h:sharp:mx-m4050:-:*:*:*:*:*:*:* |
|
| sharp | mx-m3550 |
Affected:
502
cpe:2.3:h:sharp:mx-m3550:-:*:*:*:*:*:*:* |
|
| sharp | mx-m3050 |
Affected:
502
cpe:2.3:h:sharp:mx-m3050:-:*:*:*:*:*:*:* |
|
| sharp | mx-m2630 |
Affected:
502
cpe:2.3:h:sharp:mx-m2630:-:*:*:*:*:*:*:* |
|
| sharp | bp-b550wd |
Affected:
250
cpe:2.3:h:sharp:bp-b550wd:-:*:*:*:*:*:*:* |
|
| sharp | bp-b540wr |
Affected:
250
cpe:2.3:h:sharp:bp-b540wr:-:*:*:*:*:*:*:* |
|
| sharp | bp-b547wd |
Affected:
250
cpe:2.3:h:sharp:bp-b547wd:-:*:*:*:*:*:*:* |
|
| sharp | bp-b537wr |
Affected:
250
cpe:2.3:h:sharp:bp-b537wr:-:*:*:*:*:*:*:* |
|
| sharp | mx-b455w |
Affected:
404
cpe:2.3:h:sharp:mx-b455w:-:*:*:*:*:*:*:* |
|
| sharp | mx-b355w |
Affected:
404
cpe:2.3:h:sharp:mx-b355w:-:*:*:*:*:*:*:* |
|
| sharp | mx-b455wz |
Affected:
404
cpe:2.3:h:sharp:mx-b455wz:-:*:*:*:*:*:*:* |
|
| sharp | mx-b355wz |
Affected:
404
cpe:2.3:h:sharp:mx-b355wz:-:*:*:*:*:*:*:* |
|
| sharp | mx-b455wt |
Affected:
404
cpe:2.3:h:sharp:mx-b455wt:-:*:*:*:*:*:*:* |
|
| sharp | mx-b355wt |
Affected:
404
cpe:2.3:h:sharp:mx-b355wt:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:sharp:mx-m905:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m905",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "611"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m6070:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m6070",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m5070:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m5070",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m4070:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m4070",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m3570:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m3570",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m3070:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m3070",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m6050:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m6050",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m5050:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m5050",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m4050:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m4050",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m3550:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m3550",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m3050:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m3050",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m2630:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m2630",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m6070:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m6070",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-b550wd:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-b550wd",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "250"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-b540wr:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-b540wr",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "250"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-b547wd:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-b547wd",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "250"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-b537wr:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-b537wr",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "250"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-b455w:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-b455w",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "404"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-b355w:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-b355w",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "404"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-b455wz:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-b455wz",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "404"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-b355wz:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-b355wz",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "404"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-b455wt:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-b455wt",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "404"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-b355wt:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-b355wt",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "404"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36251",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T16:19:13.648769Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T16:28:15.625Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:07.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Sharp Corporation listed under [References]"
}
]
},
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedef_sub_sel.html is not processed properly and device-crash happens. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds read",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T07:38:24.464Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/"
},
{
"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-36251",
"datePublished": "2024-11-26T07:38:24.464Z",
"dateReserved": "2024-05-22T09:00:10.181Z",
"dateUpdated": "2025-11-04T17:21:07.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-36254 (GCVE-0-2024-36254)
Vulnerability from cvelistv5 – Published: 2024-11-26 07:38 – Updated: 2024-11-26 14:48
VLAI
Summary
Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lead to a denial-of-service (DoS) condition.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds read
Assigner
References
Impacted products
51 products
| Vendor | Product | Version | |
|---|---|---|---|
| Sharp Corporation | Multiple MFPs (multifunction printers) |
Affected:
See the information provided by Sharp Corporation listed under [References]
|
|
| Toshiba Tec Corporation | Multiple MFPs (multifunction printers) |
Affected:
See the information provided by Toshiba Tec Corporation listed under [References]
|
|
| sharp | bp-90c70 |
Affected:
0 , ≤ 200
(custom)
cpe:2.3:h:sharp:bp-90c70:-:*:*:*:*:*:*:* |
|
| sharp | bp-90c80 |
Affected:
0 , ≤ 200
(custom)
cpe:2.3:h:sharp:bp-90c80:-:*:*:*:*:*:*:* |
|
| sharp | bp-70c65 |
Affected:
0 , ≤ 310
(custom)
cpe:2.3:h:sharp:bp-70c65:-:*:*:*:*:*:*:* |
|
| sharp | bp-70c55 |
Affected:
0 , ≤ 310
(custom)
cpe:2.3:h:sharp:bp-70c55:-:*:*:*:*:*:*:* |
|
| sharp | bp-70c45 |
Affected:
0 , ≤ 310
(custom)
cpe:2.3:h:sharp:bp-70c45:-:*:*:*:*:*:*:* |
|
| sharp | bp-70c36 |
Affected:
0 , ≤ 310
(custom)
cpe:2.3:h:sharp:bp-70c36:-:*:*:*:*:*:*:* |
|
| sharp | bp-70c31 |
Affected:
0 , ≤ 310
(custom)
cpe:2.3:h:sharp:bp-70c31:-:*:*:*:*:*:*:* |
|
| sharp | bp-60c45 |
Affected:
0 , ≤ 310
(custom)
cpe:2.3:h:sharp:bp-60c45:-:*:*:*:*:*:*:* |
|
| sharp | bp-60c36 |
Affected:
0 , ≤ 310
(custom)
cpe:2.3:h:sharp:bp-60c36:-:*:*:*:*:*:*:* |
|
| sharp | bp-60c31 |
Affected:
0 , ≤ 310
(custom)
cpe:2.3:h:sharp:bp-60c31:-:*:*:*:*:*:*:* |
|
| sharp | bp-50c65 |
Affected:
0 , ≤ 310
(custom)
cpe:2.3:h:sharp:bp-50c65:-:*:*:*:*:*:*:* |
|
| sharp | bp-50c55 |
Affected:
0 , ≤ 310
(custom)
cpe:2.3:h:sharp:bp-50c55:-:*:*:*:*:*:*:* |
|
| sharp | bp-50c45 |
Affected:
0 , ≤ 310
(custom)
cpe:2.3:h:sharp:bp-50c45:-:*:*:*:*:*:*:* |
|
| sharp | bp-50c36 |
Affected:
0 , ≤ 310
(custom)
cpe:2.3:h:sharp:bp-50c36:-:*:*:*:*:*:*:* |
|
| sharp | bp-50c31 |
Affected:
0 , ≤ 310
(custom)
cpe:2.3:h:sharp:bp-50c31:-:*:*:*:*:*:*:* |
|
| sharp | bp-50c26 |
Affected:
0 , ≤ 310
(custom)
cpe:2.3:h:sharp:bp-50c26:-:*:*:*:*:*:*:* |
|
| sharp | bp-55c26 |
Affected:
0 , ≤ 310
(custom)
cpe:2.3:h:sharp:bp-55c26:-:*:*:*:*:*:*:* |
|
| sharp | mx-8081 |
Affected:
0 , ≤ 150
(custom)
cpe:2.3:h:sharp:mx-8081:-:*:*:*:*:*:*:* |
|
| sharp | mx-7081 |
Affected:
0 , ≤ 150
(custom)
cpe:2.3:h:sharp:mx-7081:-:*:*:*:*:*:*:* |
|
| sharp | mx-6071 |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-6071:-:*:*:*:*:*:*:* |
|
| sharp | mx-5071 |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-5071:-:*:*:*:*:*:*:* |
|
| sharp | mx-4071 |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-4071:-:*:*:*:*:*:*:* |
|
| sharp | mx-3571 |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-3571:-:*:*:*:*:*:*:* |
|
| sharp | mx-3071 |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-3071:-:*:*:*:*:*:*:* |
|
| sharp | mx-4061 |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-4061:-:*:*:*:*:*:*:* |
|
| sharp | mx-3561 |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-3561:-:*:*:*:*:*:*:* |
|
| sharp | mx-3061 |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-3061:-:*:*:*:*:*:*:* |
|
| sharp | mx-6051 |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-6051:-:*:*:*:*:*:*:* |
|
| sharp | mx-5051 |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-5051:-:*:*:*:*:*:*:* |
|
| sharp | mx-4051 |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-4051:-:*:*:*:*:*:*:* |
|
| sharp | mx-3551 |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-3551:-:*:*:*:*:*:*:* |
|
| sharp | mx-3051 |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-3051:-:*:*:*:*:*:*:* |
|
| sharp | mx-2651 |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-2651:-:*:*:*:*:*:*:* |
|
| sharp | mx-6071s |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-6071s:-:*:*:*:*:*:*:* |
|
| sharp | mx-5071s |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-5071s:-:*:*:*:*:*:*:* |
|
| sharp | mx-4071s |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-4071s:-:*:*:*:*:*:*:* |
|
| sharp | mx-3571s |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-3571s:-:*:*:*:*:*:*:* |
|
| sharp | mx-3071s |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-3071s:-:*:*:*:*:*:*:* |
|
| sharp | mx-4061s |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-4061s:-:*:*:*:*:*:*:* |
|
| sharp | mx-3561s |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-3561s:-:*:*:*:*:*:*:* |
|
| sharp | mx-3061s |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-3061s:-:*:*:*:*:*:*:* |
|
| sharp | bp-30c25 |
Affected:
0 , ≤ 123
(custom)
cpe:2.3:h:sharp:bp-30c25:-:*:*:*:*:*:*:* |
|
| sharp | bp-30c25y |
Affected:
0 , ≤ 123
(custom)
cpe:2.3:h:sharp:bp-30c25y:-:*:*:*:*:*:*:* |
|
| sharp | bp-30c25z |
Affected:
0 , ≤ 123
(custom)
cpe:2.3:h:sharp:bp-30c25z:-:*:*:*:*:*:*:* |
|
| sharp | bp-30c25t |
Affected:
0 , ≤ 123
(custom)
cpe:2.3:h:sharp:bp-30c25t:-:*:*:*:*:*:*:* |
|
| sharp | mx-7580n |
Affected:
0 , ≤ 502
(custom)
cpe:2.3:h:sharp:mx-7580n:-:*:*:*:*:*:*:* |
|
| sharp | mx-6580n |
Affected:
0 , ≤ 502
(custom)
cpe:2.3:h:sharp:mx-6580n:-:*:*:*:*:*:*:* |
|
| sharp | mx-8090n |
Affected:
0 , ≤ 404
(custom)
cpe:2.3:h:sharp:mx-8090n:-:*:*:*:*:*:*:* |
|
| sharp | mx-7090n |
Affected:
0 , ≤ 404
(custom)
cpe:2.3:h:sharp:mx-7090n:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:sharp:bp-90c70:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-90c70",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "200",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-90c80:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-90c80",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "200",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-70c65:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-70c65",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-70c55:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-70c55",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-70c45:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-70c45",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-70c36:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-70c36",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-70c31:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-70c31",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-60c45:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-60c45",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-60c36:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-60c36",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-60c31:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-60c31",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-50c65:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-50c65",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-50c55:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-50c55",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-50c45:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-50c45",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-50c36:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-50c36",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-50c31:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-50c31",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-50c26:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-50c26",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-55c26:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-55c26",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-8081:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-8081",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "150",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-7081:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-7081",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "150",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-6071:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-6071",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-5071:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-5071",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-4071:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-4071",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-3571:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-3571",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-3071:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-3071",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-4061:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-4061",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-3561:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-3561",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-3061:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-3061",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-6051:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-6051",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-5051:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-5051",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-4051:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-4051",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-3551:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-3551",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-3051:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-3051",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-2651:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-2651",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-6071s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-6071s",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-5071s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-5071s",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-4071s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-4071s",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-3571s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-3571s",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-3071s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-3071s",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-4061s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-4061s",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-3561s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-3561s",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-3061s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-3061s",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-30c25:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-30c25",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "123",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-30c25y:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-30c25y",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "123",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-30c25z:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-30c25z",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "123",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-30c25t:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-30c25t",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "123",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-7580n:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-7580n",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "502",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-6580n:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-6580n",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "502",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-8090n:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-8090n",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "404",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-7090n:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-7090n",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "404",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36254",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:24:25.876189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:48:35.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Sharp Corporation listed under [References]"
}
]
},
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lead to a denial-of-service (DoS) condition."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds read",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T07:38:30.408Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-36254",
"datePublished": "2024-11-26T07:38:30.408Z",
"dateReserved": "2024-05-22T09:00:17.089Z",
"dateUpdated": "2024-11-26T14:48:35.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36502 (GCVE-0-2024-36502)
Vulnerability from cvelistv5 – Published: 2024-06-14 07:23 – Updated: 2024-08-02 03:37
VLAI
Summary
Out-of-bounds read vulnerability in the audio module
Impact: Successful exploitation of this vulnerability will affect availability.
Severity
7.9 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36502",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-14T15:31:40.711811Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T15:31:48.442Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:05.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://consumer.huawei.com/en/support/bulletin/2024/6/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "14.0.0"
},
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "12.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds read vulnerability in the audio module\u003cbr\u003eImpact: Successful exploitation of this vulnerability will affect availability."
}
],
"value": "Out-of-bounds read vulnerability in the audio module\nImpact: Successful exploitation of this vulnerability will affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T07:23:20.096Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2024/6/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2024-36502",
"datePublished": "2024-06-14T07:23:20.096Z",
"dateReserved": "2024-05-29T07:57:22.786Z",
"dateUpdated": "2024-08-02T03:37:05.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36504 (GCVE-0-2024-36504)
Vulnerability from cvelistv5 – Published: 2025-01-14 14:09 – Updated: 2025-02-18 21:38
VLAI
Summary
An out-of-bounds read vulnerability [CWE-125] in FortiOS SSLVPN web portal versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, 7.0 all verisons, and 6.4 all versions may allow an authenticated attacker to perform a denial of service on the SSLVPN web portal via a specially crafted URL.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Denial of service
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiOS |
Affected:
7.4.0 , ≤ 7.4.4
(semver)
Affected: 7.2.0 , ≤ 7.2.8 (semver) Affected: 7.0.0 , ≤ 7.0.16 (semver) Affected: 6.4.0 , ≤ 6.4.15 (semver) cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36504",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T14:29:08.113154Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T21:38:19.515Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiOS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.4",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.8",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.16",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.15",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read vulnerability [CWE-125] in FortiOS SSLVPN web portal versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, 7.0 all verisons, and 6.4 all versions may allow an authenticated attacker to perform a denial of service on the SSLVPN web portal via a specially crafted URL."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Denial of service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T14:09:58.824Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-473",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-473"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiOS version 7.4.5 or above \nPlease upgrade to FortiOS version 7.2.9 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-36504",
"datePublished": "2025-01-14T14:09:58.824Z",
"dateReserved": "2024-05-29T08:44:50.759Z",
"dateUpdated": "2025-02-18T21:38:19.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36980 (GCVE-0-2024-36980)
Vulnerability from cvelistv5 – Published: 2024-09-18 14:35 – Updated: 2025-11-04 16:12
VLAI
Summary
An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.This is the first instance of the incorrect comparison.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OpenPLC | OpenPLC_v3 |
Affected:
b4702061dc14d1024856f71b4543298d77007b88
|
|
| openplcproject | openplc_v3 |
Affected:
b4702061dc14d1024856f71b4543298d77007b88
cpe:2.3:h:openplcproject:openplc_v3:-:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:openplcproject:openplc_v3:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "openplc_v3",
"vendor": "openplcproject",
"versions": [
{
"status": "affected",
"version": "b4702061dc14d1024856f71b4543298d77007b88"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36980",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T18:20:31.698050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:21:19.831Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T16:12:21.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2004"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenPLC_v3",
"vendor": "OpenPLC",
"versions": [
{
"status": "affected",
"version": "b4702061dc14d1024856f71b4543298d77007b88"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Jared Rittle of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.This is the first instance of the incorrect comparison."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T14:35:55.669Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2004",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2004"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-36980",
"datePublished": "2024-09-18T14:35:55.669Z",
"dateReserved": "2024-05-30T16:01:30.401Z",
"dateUpdated": "2025-11-04T16:12:21.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-36981 (GCVE-0-2024-36981)
Vulnerability from cvelistv5 – Published: 2024-09-18 14:35 – Updated: 2025-11-04 16:12
VLAI
Summary
An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.This is the final instance of the incorrect comparison.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OpenPLC | OpenPLC_v3 |
Affected:
b4702061dc14d1024856f71b4543298d77007b88
|
|
| openplcproject | openplc_v3 |
Affected:
b4702061dc14d1024856f71b4543298d77007b88
cpe:2.3:h:openplcproject:openplc_v3:-:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:openplcproject:openplc_v3:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "openplc_v3",
"vendor": "openplcproject",
"versions": [
{
"status": "affected",
"version": "b4702061dc14d1024856f71b4543298d77007b88"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36981",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T18:14:54.434159Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:18:49.044Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T16:12:22.774Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2004"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenPLC_v3",
"vendor": "OpenPLC",
"versions": [
{
"status": "affected",
"version": "b4702061dc14d1024856f71b4543298d77007b88"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Jared Rittle of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.This is the final instance of the incorrect comparison."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T14:35:55.783Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2004",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2004"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-36981",
"datePublished": "2024-09-18T14:35:55.783Z",
"dateReserved": "2024-05-30T16:01:30.401Z",
"dateUpdated": "2025-11-04T16:12:22.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation ID: MIT-5
Phase: Implementation
Strategy: Input Validation
Description:
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Phase: Architecture and Design
Strategy: Language Selection
Description:
- Use a language that provides appropriate memory abstractions.
CAPEC-540: Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.