CWE-131
Incorrect Calculation of Buffer Size
The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.
CVE-2024-11425 (GCVE-0-2024-11425)
Vulnerability from cvelistv5 – Published: 2025-01-17 09:00 – Updated: 2025-02-12 17:09
VLAI
Summary
CWE-131: Incorrect Calculation of Buffer Size vulnerability exists that could cause Denial-of-Service of the
product when an unauthenticated user is sending a crafted HTTPS packet to the webserver.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-131 - Incorrect Calculation of Buffer Size
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric | Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety) |
Affected:
Versions prior to SV4.30
|
|
| Schneider Electric | Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) |
Affected:
Versions prior to SV4.21
|
|
| Schneider Electric | BMENOR2200H |
Affected:
All Versions
|
|
| Schneider Electric | EVLink Pro AC |
Affected:
Versions prior to v1.3.10
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11425",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-17T13:22:26.095314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T17:09:38.349Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Versions prior to SV4.30"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Versions prior to SV4.21"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BMENOR2200H",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EVLink Pro AC",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Versions prior to v1.3.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CWE-131: Incorrect Calculation of Buffer Size vulnerability exists that could cause Denial-of-Service of the\nproduct when an unauthenticated user is sending a crafted HTTPS packet to the webserver.\n\n\u003cbr\u003e"
}
],
"value": "CWE-131: Incorrect Calculation of Buffer Size vulnerability exists that could cause Denial-of-Service of the\nproduct when an unauthenticated user is sending a crafted HTTPS packet to the webserver."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-131",
"description": "CWE-131 Incorrect Calculation of Buffer Size",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T09:00:32.335Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-014-01.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2024-11425",
"datePublished": "2025-01-17T09:00:32.335Z",
"dateReserved": "2024-11-19T15:35:20.847Z",
"dateUpdated": "2025-02-12T17:09:38.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23606 (GCVE-0-2024-23606)
Vulnerability from cvelistv5 – Published: 2024-02-20 15:29 – Updated: 2025-11-04 18:28
VLAI
Summary
An out-of-bounds write vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-131 - Incorrect Calculation of Buffer Size
Assigner
References
3 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| The Biosig Project | libbiosig |
Affected:
2.5.0
Affected: Master Branch (ab0ee111) |
|
| fedoraproject | fedora |
Affected:
40
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:* |
|
| the_biosig_project | libbiosig |
Affected:
2.5.0
cpe:2.3:a:the_biosig_project:libbiosig:2.5.0:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fedora",
"vendor": "fedoraproject",
"versions": [
{
"status": "affected",
"version": "40"
}
]
},
{
"cpes": [
"cpe:2.3:a:the_biosig_project:libbiosig:2.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "libbiosig",
"vendor": "the_biosig_project",
"versions": [
{
"status": "affected",
"version": "2.5.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23606",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-20T18:23:56.758220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T18:31:30.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:28:49.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1925",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1925"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRLGNQM33KAWVWP5RPMAPHWNP3IY5YW/"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1925"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libbiosig",
"vendor": "The Biosig Project",
"versions": [
{
"status": "affected",
"version": "2.5.0"
},
{
"status": "affected",
"version": "Master Branch (ab0ee111)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Lilith \u0026gt;_\u0026gt; of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-131",
"description": "CWE-131: Incorrect Calculation of Buffer Size",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-10T21:45:06.565Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1925",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1925"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-23606",
"datePublished": "2024-02-20T15:29:31.412Z",
"dateReserved": "2024-01-23T19:54:39.689Z",
"dateUpdated": "2025-11-04T18:28:49.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-23621 (GCVE-0-2024-23621)
Vulnerability from cvelistv5 – Published: 2024-01-25 23:36 – Updated: 2025-06-03 18:17
VLAI
Title
IBM Merge Healthcare eFilm Workstation License Server Buffer Overflow
Summary
A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution.
Severity
10 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-131 - Incorrect Calculation of Buffer Size
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://blog.exodusintel.com/2024/01/25/ibm-merge… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM Merge Healthcare | eFilm Workstation |
Affected:
4.1 , ≤ 4.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:06:25.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://blog.exodusintel.com/2024/01/25/ibm-merge-healthcare-efilm-workstation-license-server-buffer-overflow/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23621",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-03T18:09:38.817722Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T18:17:08.975Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "eFilm Workstation",
"vendor": "IBM Merge Healthcare",
"versions": [
{
"lessThanOrEqual": "4.2",
"status": "affected",
"version": "4.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Exodus Intelligence"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution."
}
],
"value": "A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-131",
"description": "CWE-131 Incorrect Calculation of Buffer Size",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T23:36:01.148Z",
"orgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67",
"shortName": "XI"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://blog.exodusintel.com/2024/01/25/ibm-merge-healthcare-efilm-workstation-license-server-buffer-overflow/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "IBM Merge Healthcare eFilm Workstation License Server Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67",
"assignerShortName": "XI",
"cveId": "CVE-2024-23621",
"datePublished": "2024-01-25T23:36:01.148Z",
"dateReserved": "2024-01-18T21:37:15.393Z",
"dateUpdated": "2025-06-03T18:17:08.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23622 (GCVE-0-2024-23622)
Vulnerability from cvelistv5 – Published: 2024-01-25 23:36 – Updated: 2025-06-17 21:19
VLAI
Title
IBM Merge Healthcare eFilm Workstation License Server CopySLS_Request3 Buffer Overflow
Summary
A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution with SYSTEM privileges.
Severity
10 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-131 - Incorrect Calculation of Buffer Size
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://blog.exodusintel.com/2024/01/25/ibm-merge… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM Merge Healthcare | eFilm Workstation |
Affected:
4.1 , ≤ 4.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:06:25.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://blog.exodusintel.com/2024/01/25/ibm-merge-healthcare-efilm-workstation-license-server-copysls_request3-buffer-overflow/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23622",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-31T18:42:41.611704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:19:30.781Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "eFilm Workstation",
"vendor": "IBM Merge Healthcare",
"versions": [
{
"lessThanOrEqual": "4.2",
"status": "affected",
"version": "4.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Exodus Intelligence"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution with SYSTEM privileges.\u003cbr\u003e"
}
],
"value": "A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution with SYSTEM privileges.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-131",
"description": "CWE-131 Incorrect Calculation of Buffer Size",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T23:36:03.728Z",
"orgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67",
"shortName": "XI"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://blog.exodusintel.com/2024/01/25/ibm-merge-healthcare-efilm-workstation-license-server-copysls_request3-buffer-overflow/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "IBM Merge Healthcare eFilm Workstation License Server CopySLS_Request3 Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67",
"assignerShortName": "XI",
"cveId": "CVE-2024-23622",
"datePublished": "2024-01-25T23:36:03.728Z",
"dateReserved": "2024-01-18T21:37:15.393Z",
"dateUpdated": "2025-06-17T21:19:30.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23805 (GCVE-0-2024-23805)
Vulnerability from cvelistv5 – Published: 2024-02-14 16:30 – Updated: 2025-05-12 15:06
VLAI
Title
F5 Application Visibility and Reporting module and BIG-IP Advanced WAF/ASM vulnerability
Summary
Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. For BIG-IP Advanced WAF and ASM, this may occur when either a DoS or Bot Defense profile is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled.
Note: The DB variables avr.IncludeServerInURI and avr.CollectOnlyHostnameFromURI are not enabled by default. For more information about the HTTP Analytics profile and the Collect URLs setting, refer to K30875743: Create a new Analytics profile and attach it to your virtual servers https://my.f5.com/manage/s/article/K30875743 .
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-131 - Incorrect Calculation of Buffer Size
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://my.f5.com/manage/s/article/K000137334 | vendor-advisory |
Impacted products
Date Public
2024-01-15 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://my.f5.com/manage/s/article/K000137334"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23805",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-11T12:57:12.670523Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T15:06:55.185Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Advanced WAF",
"ASM",
"AVR"
],
"product": "BIG-IP",
"vendor": "F5",
"versions": [
{
"lessThan": "17.1.1",
"status": "affected",
"version": "17.1.0",
"versionType": "custom"
},
{
"lessThan": "16.1.4",
"status": "affected",
"version": "16.1.0",
"versionType": "custom"
},
{
"lessThan": "15.1.10",
"status": "affected",
"version": "15.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "F5"
}
],
"datePublic": "2024-01-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eUndisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under \u003cstrong\u003eCollected Entities\u003c/strong\u003e\u0026nbsp;is configured on a virtual server and the DB variables \u003cstrong\u003eavr.IncludeServerInURI\u003c/strong\u003e\u0026nbsp;or \u003cstrong\u003eavr.CollectOnlyHostnameFromURI\u003c/strong\u003e\u0026nbsp;are enabled. For BIG-IP Advanced WAF and ASM, this may occur when either a DoS or Bot Defense profile is configured on a virtual server and the DB variables \u003cstrong\u003eavr.IncludeServerInURI\u003c/strong\u003e\u0026nbsp;or \u003cstrong\u003eavr.CollectOnlyHostnameFromURI\u003c/strong\u003e\u0026nbsp;are enabled.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNote\u003c/strong\u003e: The DB variables \u003cstrong\u003eavr.IncludeServerInURI\u003c/strong\u003e\u0026nbsp;and \u003cstrong\u003eavr.CollectOnlyHostnameFromURI\u003c/strong\u003e\u0026nbsp;are not enabled by default. For more information about the HTTP Analytics profile and the \u003cstrong\u003eCollect URLs\u003c/strong\u003e\u0026nbsp;setting, refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://my.f5.com/manage/s/article/K30875743\"\u003eK30875743: Create a new Analytics profile and attach it to your virtual servers\u003c/a\u003e.\u003c/p\u003e\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
}
],
"value": "\nUndisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities\u00a0is configured on a virtual server and the DB variables avr.IncludeServerInURI\u00a0or avr.CollectOnlyHostnameFromURI\u00a0are enabled. For BIG-IP Advanced WAF and ASM, this may occur when either a DoS or Bot Defense profile is configured on a virtual server and the DB variables avr.IncludeServerInURI\u00a0or avr.CollectOnlyHostnameFromURI\u00a0are enabled.\n\nNote: The DB variables avr.IncludeServerInURI\u00a0and avr.CollectOnlyHostnameFromURI\u00a0are not enabled by default. For more information about the HTTP Analytics profile and the Collect URLs\u00a0setting, refer to K30875743: Create a new Analytics profile and attach it to your virtual servers https://my.f5.com/manage/s/article/K30875743 .\n\n\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-131",
"description": "CWE-131 Incorrect Calculation of Buffer Size",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-05T21:45:19.185Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://my.f5.com/manage/s/article/K000137334"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "F5 Application Visibility and Reporting module and BIG-IP Advanced WAF/ASM vulnerability",
"x_generator": {
"engine": "F5 SIRTBot v1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2024-23805",
"datePublished": "2024-02-14T16:30:25.339Z",
"dateReserved": "2024-02-01T22:13:58.511Z",
"dateUpdated": "2025-05-12T15:06:55.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28052 (GCVE-0-2024-28052)
Vulnerability from cvelistv5 – Published: 2024-10-30 13:35 – Updated: 2024-10-30 15:03
VLAI
Summary
The WBR-6012 is a wireless SOHO router. It is a low-cost device which functions as an internet gateway for homes and small offices while aiming to be easy to configure and operate. In addition to providing a WiFi access point, the device serves as a 4-port wired router and implements a variety of common SOHO router capabilities such as port forwarding, quality-of-service, web-based administration, a DHCP server, a basic DMZ, and UPnP capabilities.
Severity
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-131 - Incorrect Calculation of Buffer Size
Assigner
References
Impacted products
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:levelone:wbr-6012:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wbr-6012",
"vendor": "levelone",
"versions": [
{
"status": "affected",
"version": "R0.40e6"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28052",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T14:41:00.559644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T14:41:27.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-10-30T15:03:07.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1997"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WBR-6012",
"vendor": "LevelOne",
"versions": [
{
"status": "affected",
"version": "R0.40e6"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Patrick DeSantis and Francesco Benvenuto of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "The WBR-6012 is a wireless SOHO router. It is a low-cost device which functions as an internet gateway for homes and small offices while aiming to be easy to configure and operate. In addition to providing a WiFi access point, the device serves as a 4-port wired router and implements a variety of common SOHO router capabilities such as port forwarding, quality-of-service, web-based administration, a DHCP server, a basic DMZ, and UPnP capabilities."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-131",
"description": "CWE-131: Incorrect Calculation of Buffer Size",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T13:35:14.618Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1997",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1997"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-28052",
"datePublished": "2024-10-30T13:35:14.618Z",
"dateReserved": "2024-05-06T19:46:01.544Z",
"dateUpdated": "2024-10-30T15:03:07.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30405 (GCVE-0-2024-30405)
Vulnerability from cvelistv5 – Published: 2024-04-12 15:04 – Updated: 2024-08-12 17:24
VLAI
Title
Junos OS: SRX 5000 Series with SPC2: Processing of specific crafted packets when ALG is enabled causes a transit traffic Denial of Service
Summary
An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial of Service (DoS).
Continued receipt and processing of these specific packets will sustain the Denial of Service condition.
This issue affects:
Juniper Networks Junos OS SRX 5000 Series with SPC2 with ALGs enabled.
* All versions earlier than 21.2R3-S7;
* 21.4 versions earlier than 21.4R3-S6;
* 22.1 versions earlier than 22.1R3-S5;
* 22.2 versions earlier than 22.2R3-S3;
* 22.3 versions earlier than 22.3R3-S2;
* 22.4 versions earlier than 22.4R3;
* 23.2 versions earlier than 23.2R2.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-131 - Incorrect Calculation of Buffer Size
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://supportportal.juniper.net/JSA79105 | vendor-advisory |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.… | technical-description |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.2R3-S7
(semver)
Affected: 21.4 , < 21.4R3-S6 (semver) Affected: 22.1 , < 22.1R3-S5 (semver) Affected: 22.2 , < 22.2R3-S3 (semver) Affected: 22.3 , < 22.3R3-S2 (semver) Affected: 22.4 , < 22.4R3 (semver) Affected: 23.2 , < 23.2R2 (semver) |
|
| juniper | junos |
Affected:
0 , < 21.2r3-s7
(semver)
Affected: 21.4 , < 21.4r3-s6 (semver) Affected: 22.1 , < 22.1r3-s5 (semver) Affected: 22.2 , < 22.2r3-s3 (semver) Affected: 22.3 , < 22.3r3-s2 (semver) Affected: 22.4 , < 22.4r3 (semver) Affected: 23.2 , < 23.2r2 (semver) cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:* |
Date Public
2024-04-10 16:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:32:07.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA79105"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.2r3-s7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4r3-s6",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1r3-s5",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2r3-s3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3r3-s2",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4r3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2r2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30405",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-12T20:34:45.487020Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T17:24:28.664Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"SRX 5000 Series with SPC2"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S6",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following minimum configuration is required to be exposed to the issue:\u003c/p\u003e\u003cp\u003e\u0026nbsp; [security alg]\u003cbr\u003e\u003c/p\u003e\u003cp\u003e \u003c/p\u003e"
}
],
"value": "The following minimum configuration is required to be exposed to the issue:\n\n\u00a0 [security alg]"
}
],
"datePublic": "2024-04-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eContinued receipt and processing of these specific packets will sustain the Denial of Service condition.\u003cbr\u003e\u003cbr\u003eThis issue affects:\u003cbr\u003eJuniper Networks Junos OS SRX 5000 Series with SPC2 with ALGs enabled.\u003cbr\u003e\u003cul\u003e\u003cli\u003eAll versions earlier than 21.2R3-S7;\u003c/li\u003e\u003cli\u003e21.4 versions earlier than 21.4R3-S6;\u003c/li\u003e\u003cli\u003e22.1 versions earlier than 22.1R3-S5;\u003c/li\u003e\u003cli\u003e22.2 versions earlier than 22.2R3-S3;\u003c/li\u003e\u003cli\u003e22.3 versions earlier than 22.3R3-S2;\u003c/li\u003e\u003cli\u003e22.4 versions earlier than 22.4R3;\u003c/li\u003e\u003cli\u003e23.2 versions earlier than 23.2R2.\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial of Service (DoS).\n\nContinued receipt and processing of these specific packets will sustain the Denial of Service condition.\n\nThis issue affects:\nJuniper Networks Junos OS SRX 5000 Series with SPC2 with ALGs enabled.\n * All versions earlier than 21.2R3-S7;\n * 21.4 versions earlier than 21.4R3-S6;\n * 22.1 versions earlier than 22.1R3-S5;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S2;\n * 22.4 versions earlier than 22.4R3;\n * 23.2 versions earlier than 23.2R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-131",
"description": "CWE-131 Incorrect Calculation of Buffer Size",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:37:47.854Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA79105"
},
{
"tags": [
"technical-description"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue:\u0026nbsp;21.2R3-S7, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e23.4R1, and all subsequent releases.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\u00a021.2R3-S7, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA79105",
"defect": [
"1750148"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2024-04-10T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS: SRX 5000 Series with SPC2: Processing of specific crafted packets when ALG is enabled causes a transit traffic Denial of Service",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue other than reducing risk by disabling as many ALGs as possible until the device can be upgraded.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue other than reducing risk by disabling as many ALGs as possible until the device can be upgraded."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-30405",
"datePublished": "2024-04-12T15:04:23.911Z",
"dateReserved": "2024-03-26T23:06:19.981Z",
"dateUpdated": "2024-08-12T17:24:28.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39808 (GCVE-0-2024-39808)
Vulnerability from cvelistv5 – Published: 2024-09-11 04:03 – Updated: 2024-09-11 13:36
VLAI
Summary
Incorrect Calculation of Buffer Size (CWE-131) in the Controller 6000 and Controller 7000 OSDP message handling, allows an attacker with physical access to Controller wiring to instigate a reboot leading to a denial of service.
This issue affects: Controller 6000 and Controller 7000 9.10 prior to vCR9.10.240816a (distributed in 9.10.1530 (MR2)), 9.00 prior to vCR9.00.240816a (distributed in 9.00.2168 (MR4)), 8.90 prior to vCR8.90.240816a (distributed in 8.90.2155 (MR5)), 8.80 prior to vCR8.80.240816b (distributed in 8.80.1938 (MR6)), all versions of 8.70 and prior.
Severity
4.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-131 - Incorrect Calculation of Buffer Size
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Gallagher | Controller 6000 and Controller 7000 |
Affected:
0 , ≤ 8.70
(custom)
Affected: 9.10 , < vCR9.10.240816a (custom) Affected: 9.00 , < vCR9.00.240816a (custom) Affected: 8.90 , < vCR8.90.240816a (custom) Affected: 8.80 , < vCR8.80.240816b (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39808",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T13:36:21.512949Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T13:36:30.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Controller 6000 and Controller 7000",
"vendor": "Gallagher",
"versions": [
{
"lessThanOrEqual": "8.70",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vCR9.10.240816a",
"status": "affected",
"version": "9.10",
"versionType": "custom"
},
{
"lessThan": "vCR9.00.240816a",
"status": "affected",
"version": "9.00",
"versionType": "custom"
},
{
"lessThan": "vCR8.90.240816a",
"status": "affected",
"version": "8.90",
"versionType": "custom"
},
{
"lessThan": "vCR8.80.240816b",
"status": "affected",
"version": "8.80",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIncorrect Calculation of Buffer Size (CWE-131) in the Controller 6000 and Controller 7000 OSDP message handling, allows an attacker with physical access to Controller wiring to instigate a reboot leading to a denial of service. \u003c/span\u003e\n\n\u003cbr\u003e\u003cbr\u003e\u003cb\u003eThis issue affects:\u003c/b\u003e Controller 6000 and Controller 7000 9.10 prior to vCR9.10.240816a (distributed in 9.10.1530 (MR2)), 9.00 prior to vCR9.00.240816a (distributed in 9.00.2168 (MR4)), 8.90 prior to vCR8.90.240816a (distributed in 8.90.2155 (MR5)), 8.80 prior to vCR8.80.240816b (distributed in 8.80.1938 (MR6)), all versions of 8.70 and prior."
}
],
"value": "Incorrect Calculation of Buffer Size (CWE-131) in the Controller 6000 and Controller 7000 OSDP message handling, allows an attacker with physical access to Controller wiring to instigate a reboot leading to a denial of service. \n\n\n\nThis issue affects: Controller 6000 and Controller 7000 9.10 prior to vCR9.10.240816a (distributed in 9.10.1530 (MR2)), 9.00 prior to vCR9.00.240816a (distributed in 9.00.2168 (MR4)), 8.90 prior to vCR8.90.240816a (distributed in 8.90.2155 (MR5)), 8.80 prior to vCR8.80.240816b (distributed in 8.80.1938 (MR6)), all versions of 8.70 and prior."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-131",
"description": "CWE-131 Incorrect Calculation of Buffer Size",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T04:03:50.955Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-39808"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2024-39808",
"datePublished": "2024-09-11T04:03:50.955Z",
"dateReserved": "2024-08-28T02:46:11.085Z",
"dateUpdated": "2024-09-11T13:36:30.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45287 (GCVE-0-2024-45287)
Vulnerability from cvelistv5 – Published: 2024-09-05 03:18 – Updated: 2024-09-26 15:03
VLAI
Title
Multiple vulnerabilities in libnv
Summary
A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://security.freebsd.org/advisories/FreeBSD-S… | vendor-advisory |
| https://security.netapp.com/advisory/ntap-2024092… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| FreeBSD | FreeBSD |
Affected:
14.1-RELEASE , < p4
(release)
Affected: 14.0-RELEASE , < p10 (release) Affected: 13.3-RELEASE , < p6 (release) |
|
| freebsd | freebsd |
Affected:
14.1 , < 14.1_p4
(custom)
Affected: 14.0 , < 14.0_p10 (custom) Affected: 13.3 , < 13.3_p6 (custom) cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:* |
Date Public
2024-09-04 23:37
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "freebsd",
"vendor": "freebsd",
"versions": [
{
"lessThan": "14.1_p4",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "14.0_p10",
"status": "affected",
"version": "14.0",
"versionType": "custom"
},
{
"lessThan": "13.3_p6",
"status": "affected",
"version": "13.3",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-45287",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T13:16:32.402606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T13:16:36.226Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-26T15:03:11.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20240926-0010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"libnv"
],
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"lessThan": "p4",
"status": "affected",
"version": "14.1-RELEASE",
"versionType": "release"
},
{
"lessThan": "p10",
"status": "affected",
"version": "14.0-RELEASE",
"versionType": "release"
},
{
"lessThan": "p6",
"status": "affected",
"version": "13.3-RELEASE",
"versionType": "release"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Synacktiv"
},
{
"lang": "en",
"type": "finder",
"value": "Taylor R Campbell (NetBSD)"
}
],
"datePublic": "2024-09-04T23:37:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-131",
"description": "CWE-131 Incorrect Calculation of Buffer Size",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T03:18:16.076Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:09.libnv.asc"
}
],
"title": "Multiple vulnerabilities in libnv"
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2024-45287",
"datePublished": "2024-09-05T03:18:16.076Z",
"dateReserved": "2024-08-26T14:20:00.870Z",
"dateUpdated": "2024-09-26T15:03:11.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5000 (GCVE-0-2024-5000)
Vulnerability from cvelistv5 – Published: 2024-06-04 08:54 – Updated: 2024-08-01 20:55
VLAI
Title
CODESYS: Incorrect calculation of buffer size can cause DoS on CODESYS OPC UA products
Summary
An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-131 - Incorrect Calculation of Buffer Size
Assigner
References
Impacted products
29 products
| Vendor | Product | Version | |
|---|---|---|---|
| CODESYS | CODESYS Control for BeagleBone SL |
Affected:
0 , < 4.12.0.0
(semver)
|
|
| CODESYS | CODESYS Control for emPC-A/iMX6 SL |
Affected:
0 , < 4.12.0.0
(semver)
|
|
| CODESYS | CODESYS Control for IOT2000 SL |
Affected:
0 , < 4.12.0.0
(semver)
|
|
| CODESYS | CODESYS Control for Linux ARM SL |
Affected:
0 , < 4.12.0.0
(semver)
|
|
| CODESYS | CODESYS Control for Linux SL |
Affected:
0 , < 4.12.0.0
(semver)
|
|
| CODESYS | CODESYS Control for PFC100 SL |
Affected:
0 , < 4.12.0.0
(semver)
|
|
| CODESYS | CODESYS Control for PFC200 SL |
Affected:
0 , < 4.12.0.0
(semver)
|
|
| CODESYS | CODESYS Control for PLCnext SL |
Affected:
0 , < 4.12.0.0
(semver)
|
|
| CODESYS | CODESYS Control for Raspberry Pi SL |
Affected:
0 , < 4.12.0.0
(semver)
|
|
| CODESYS | CODESYS Control for WAGO Touch Panels 600 SL |
Affected:
0 , < 4.12.0.0
(semver)
|
|
| CODESYS | CODESYS Control RTE (for Beckhoff CX) SL |
Affected:
0 , < 3.5.20.10
(semver)
|
|
| CODESYS | CODESYS Control RTE (SL) |
Affected:
0 , < 3.5.20.10
(semver)
|
|
| CODESYS | CODESYS Runtime Toolkit |
Affected:
0 , < 3.5.20.10
(semver)
|
|
| CODESYS | CODESYS Control Win (SL) |
Affected:
0 , < 3.5.20.10
(semver)
|
|
| CODESYS | CODESYS HMI (SL) |
Affected:
0 , < 3.5.20.10
(semver)
|
|
| codesys | control_for_empc-a\/imx6_sl |
Affected:
0 , < 4.12.0.0
(custom)
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl:*:*:*:*:*:*:*:* |
|
| codesys | control_for_beaglebone_sl |
Affected:
0 , < 4.12.0.0
(custom)
cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:* |
|
| codesys | control_for_iot2000_sl |
Affected:
0 , < 4.12.0.0
(custom)
cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:* |
|
| codesys | control_for_linux_arm_sl |
Affected:
0 , < 4.12.0.0
(custom)
cpe:2.3:a:codesys:control_for_linux_arm_sl:*:*:*:*:*:*:*:* |
|
| codesys | control_for_linux_sl |
Affected:
0 , < 4.12.0.0
(custom)
cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:* |
|
| codesys | control_for_pfc200_sl |
Affected:
0 , < 4.12.0.0
(custom)
cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:* |
|
| codesys | control_for_plcnext_sl |
Affected:
0 , < 4.12.0.0
(custom)
cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:* |
|
| codesys | control_for_raspberry_pi_sl |
Affected:
0 , < 4.12.0.0
(custom)
cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:* |
|
| codesys | control_for_wago_touch_panels_600_sl |
Affected:
0 , < 4.12.0.0
(custom)
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:* |
|
| codesys | control_rte_\(for_beckhoff_cx\)_sl |
Affected:
0 , < 3.5.20.10
(custom)
cpe:2.3:a:codesys:control_rte_\(for_beckhoff_cx\)_sl:*:*:*:*:*:*:*:* |
|
| codesys | control_rte_\(sl\) |
Affected:
0 , < 3.5.20.10
(custom)
cpe:2.3:a:codesys:control_rte_\(sl\):*:*:*:*:*:*:*:* |
|
| codesys | control_win_\(sl\) |
Affected:
0 , < 3.5.20.10
(custom)
cpe:2.3:a:codesys:control_win_\(sl\):*:*:*:*:*:*:*:* |
|
| codesys | runtime_toolkit |
Affected:
0 , < 3.5.20.10
(custom)
cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:*:* |
|
| codesys | hmi_\(sl\) |
Affected:
0 , < 3.5.20.10
(custom)
cpe:2.3:a:codesys:hmi_\(sl\):*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "control_for_empc-a\\/imx6_sl",
"vendor": "codesys",
"versions": [
{
"lessThan": "4.12.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "control_for_beaglebone_sl",
"vendor": "codesys",
"versions": [
{
"lessThan": "4.12.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "control_for_iot2000_sl",
"vendor": "codesys",
"versions": [
{
"lessThan": "4.12.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:codesys:control_for_linux_arm_sl:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "control_for_linux_arm_sl",
"vendor": "codesys",
"versions": [
{
"lessThan": "4.12.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "control_for_linux_sl",
"vendor": "codesys",
"versions": [
{
"lessThan": "4.12.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "control_for_pfc200_sl",
"vendor": "codesys",
"versions": [
{
"lessThan": "4.12.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "control_for_plcnext_sl",
"vendor": "codesys",
"versions": [
{
"lessThan": "4.12.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "control_for_raspberry_pi_sl",
"vendor": "codesys",
"versions": [
{
"lessThan": "4.12.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "control_for_wago_touch_panels_600_sl",
"vendor": "codesys",
"versions": [
{
"lessThan": "4.12.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:codesys:control_rte_\\(for_beckhoff_cx\\)_sl:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "control_rte_\\(for_beckhoff_cx\\)_sl",
"vendor": "codesys",
"versions": [
{
"lessThan": "3.5.20.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:codesys:control_rte_\\(sl\\):*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "control_rte_\\(sl\\)",
"vendor": "codesys",
"versions": [
{
"lessThan": "3.5.20.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:codesys:control_win_\\(sl\\):*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "control_win_\\(sl\\)",
"vendor": "codesys",
"versions": [
{
"lessThan": "3.5.20.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "runtime_toolkit",
"vendor": "codesys",
"versions": [
{
"lessThan": "3.5.20.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:codesys:hmi_\\(sl\\):*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hmi_\\(sl\\)",
"vendor": "codesys",
"versions": [
{
"lessThan": "3.5.20.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5000",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T14:26:44.507505Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T14:44:44.216Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:55:10.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2024-026"
},
{
"tags": [
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18355\u0026token=e3e5a937ce72602bec39718ddc2f4ba6d983ccd1\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.12.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.12.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.12.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for Linux ARM SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.12.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.12.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.12.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.12.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.12.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.12.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.12.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.20.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control RTE (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.20.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Runtime Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.20.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.20.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.20.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "ABB Schweiz AG."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can use a\u0026nbsp;malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker can use a\u00a0malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-131",
"description": "CWE-131 Incorrect Calculation of Buffer Size",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T08:54:06.522Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-026"
},
{
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18355\u0026token=e3e5a937ce72602bec39718ddc2f4ba6d983ccd1\u0026download="
}
],
"source": {
"advisory": "VDE-2024-026",
"defect": [
"CERT@VDE#641630"
],
"discovery": "UNKNOWN"
},
"title": "CODESYS: Incorrect calculation of buffer size can cause DoS on CODESYS OPC UA products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-5000",
"datePublished": "2024-06-04T08:54:06.522Z",
"dateReserved": "2024-05-16T12:09:56.937Z",
"dateUpdated": "2024-08-01T20:55:10.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Implementation
Description:
- When allocating a buffer for the purpose of transforming, converting, or encoding an input, allocate enough memory to handle the largest possible encoding. For example, in a routine that converts "&" characters to "&" for HTML entity encoding, the output buffer needs to be at least 5 times as large as the input buffer.
Mitigation ID: MIT-36
Phase: Implementation
Description:
- Understand the programming language's underlying representation and how it interacts with numeric calculation (CWE-681). Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how the language handles numbers that are too large or too small for its underlying representation. [REF-7]
- Also be careful to account for 32-bit, 64-bit, and other potential differences that may affect the numeric representation.
Mitigation ID: MIT-8
Phase: Implementation
Strategy: Input Validation
Description:
- Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
Mitigation ID: MIT-15
Phase: Architecture and Design
Description:
- For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
Mitigation
Phase: Implementation
Description:
- When processing structured incoming data containing a size field followed by raw data, identify and resolve any inconsistencies between the size field and the actual size of the data (CWE-130).
Mitigation
Phase: Implementation
Description:
- When allocating memory that uses sentinels to mark the end of a data structure - such as NUL bytes in strings - make sure you also include the sentinel in your calculation of the total amount of memory that must be allocated.
Mitigation ID: MIT-13
Phase: Implementation
Description:
- Replace unbounded copy functions with analogous functions that support length arguments, such as strcpy with strncpy. Create these if they are not available.
Mitigation
Phase: Implementation
Description:
- Use sizeof() on the appropriate data type to avoid CWE-467.
Mitigation
Phase: Implementation
Description:
- Use the appropriate type for the desired action. For example, in C/C++, only use unsigned types for values that could never be negative, such as height, width, or other numbers related to quantity. This will simplify validation and will reduce surprises related to unexpected casting.
Mitigation ID: MIT-4
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Description:
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid [REF-1482].
- Use libraries or frameworks that make it easier to handle numbers without unexpected consequences, or buffer allocation routines that automatically track buffer size.
- Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++). [REF-106]
Mitigation ID: MIT-10
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation ID: MIT-11
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
Mitigation ID: MIT-12
Phase: Operation
Strategy: Environment Hardening
Description:
- Use a CPU and operating system that offers Data Execution Protection (using hardware NX or XD bits) or the equivalent techniques that simulate this feature in software, such as PaX [REF-60] [REF-61]. These techniques ensure that any instruction executed is exclusively at a memory address that is part of the code segment.
- For more information on these techniques see D3-PSEP (Process Segment Execution Prevention) from D3FEND [REF-1336].
Mitigation ID: MIT-26
Phase: Implementation
Strategy: Compilation or Build Hardening
Description:
- Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system.
Mitigation ID: MIT-17
Phases: Architecture and Design, Operation
Strategy: Environment Hardening
Description:
- Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
Mitigation ID: MIT-22
Phases: Architecture and Design, Operation
Strategy: Sandbox or Jail
Description:
- Run the code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.
- OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.
- This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.
- Be careful to avoid CWE-243 and other weaknesses related to jails.
CAPEC-100: Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the adversaries' choice.
CAPEC-47: Buffer Overflow via Parameter Expansion
In this attack, the target software is given input that the adversary knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.