CWE-248
Uncaught Exception
An exception is thrown from a function, but it is not caught.
CVE-2023-42444 (GCVE-0-2023-42444)
Vulnerability from cvelistv5 – Published: 2023-09-19 14:47 – Updated: 2024-09-24 20:46
VLAI
Title
phonenumber panics on parsing crafted RF3966 inputs
Summary
phonenumber is a library for parsing, formatting and validating international phone numbers. Prior to versions `0.3.3+8.13.9` and `0.2.5+8.11.3`, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of `rust-phonenumber`, this may get triggered by feeding a maliciously crafted phonenumber over the network, specifically the string `.;phone-context=`. Versions `0.3.3+8.13.9` and `0.2.5+8.11.3` contain a patch for this issue. There are no known workarounds.
Severity
8.6 (High)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/whisperfish/rust-phonenumber/s… | x_refsource_CONFIRM |
| https://github.com/whisperfish/rust-phonenumber/c… | x_refsource_MISC |
| https://github.com/whisperfish/rust-phonenumber/c… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| whisperfish | rust-phonenumber |
Affected:
< 0.2.5+8.11.3
Affected: >= 0.3.0, < 0.3.3+8.3.19 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:23:38.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/whisperfish/rust-phonenumber/security/advisories/GHSA-whhr-7f2w-qqj2",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/whisperfish/rust-phonenumber/security/advisories/GHSA-whhr-7f2w-qqj2"
},
{
"name": "https://github.com/whisperfish/rust-phonenumber/commit/2dd44be94539c051b4dee55d1d9d349bd7bedde6",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/whisperfish/rust-phonenumber/commit/2dd44be94539c051b4dee55d1d9d349bd7bedde6"
},
{
"name": "https://github.com/whisperfish/rust-phonenumber/commit/bea8e732b9cada617ede5cf51663dba183747f71",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/whisperfish/rust-phonenumber/commit/bea8e732b9cada617ede5cf51663dba183747f71"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42444",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T20:46:29.902328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T20:46:54.422Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rust-phonenumber",
"vendor": "whisperfish",
"versions": [
{
"status": "affected",
"version": "\u003c 0.2.5+8.11.3"
},
{
"status": "affected",
"version": "\u003e= 0.3.0, \u003c 0.3.3+8.3.19"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "phonenumber is a library for parsing, formatting and validating international phone numbers. Prior to versions `0.3.3+8.13.9` and `0.2.5+8.11.3`, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of `rust-phonenumber`, this may get triggered by feeding a maliciously crafted phonenumber over the network, specifically the string `.;phone-context=`. Versions `0.3.3+8.13.9` and `0.2.5+8.11.3` contain a patch for this issue. There are no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-392",
"description": "CWE-392: Missing Report of Error Condition",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284: Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-19T14:47:22.026Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/whisperfish/rust-phonenumber/security/advisories/GHSA-whhr-7f2w-qqj2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/whisperfish/rust-phonenumber/security/advisories/GHSA-whhr-7f2w-qqj2"
},
{
"name": "https://github.com/whisperfish/rust-phonenumber/commit/2dd44be94539c051b4dee55d1d9d349bd7bedde6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/whisperfish/rust-phonenumber/commit/2dd44be94539c051b4dee55d1d9d349bd7bedde6"
},
{
"name": "https://github.com/whisperfish/rust-phonenumber/commit/bea8e732b9cada617ede5cf51663dba183747f71",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/whisperfish/rust-phonenumber/commit/bea8e732b9cada617ede5cf51663dba183747f71"
}
],
"source": {
"advisory": "GHSA-whhr-7f2w-qqj2",
"discovery": "UNKNOWN"
},
"title": "phonenumber panics on parsing crafted RF3966 inputs"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-42444",
"datePublished": "2023-09-19T14:47:22.026Z",
"dateReserved": "2023-09-08T20:57:45.572Z",
"dateUpdated": "2024-09-24T20:46:54.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42447 (GCVE-0-2023-42447)
Vulnerability from cvelistv5 – Published: 2023-09-19 14:57 – Updated: 2024-09-24 18:56
VLAI
Title
blurhash panics on parsing crafted inputs
Summary
blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient of colors representing the original image. In version 0.1.1, the blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on untrusted input. In a typical deployment, this may get triggered by feeding a maliciously crafted blurhashes over the network. These may include UTF-8 compliant strings containing multi-byte UTF-8 characters. A patch is available in version 0.2.0, which requires user intervention because of slight API churn. No known workarounds are available.
Severity
8.6 (High)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/whisperfish/blurhash-rs/securi… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| whisperfish | blurhash-rs |
Affected:
= 0.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:23:38.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/whisperfish/blurhash-rs/security/advisories/GHSA-cxvp-82cq-57h2",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/whisperfish/blurhash-rs/security/advisories/GHSA-cxvp-82cq-57h2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42447",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T18:48:49.696757Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T18:56:15.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "blurhash-rs",
"vendor": "whisperfish",
"versions": [
{
"status": "affected",
"version": "= 0.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient of colors representing the original image. In version 0.1.1, the blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on untrusted input. In a typical deployment, this may get triggered by feeding a maliciously crafted blurhashes over the network. These may include UTF-8 compliant strings containing multi-byte UTF-8 characters. A patch is available in version 0.2.0, which requires user intervention because of slight API churn. No known workarounds are available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-392",
"description": "CWE-392: Missing Report of Error Condition",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284: Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-19T14:57:16.784Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/whisperfish/blurhash-rs/security/advisories/GHSA-cxvp-82cq-57h2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/whisperfish/blurhash-rs/security/advisories/GHSA-cxvp-82cq-57h2"
}
],
"source": {
"advisory": "GHSA-cxvp-82cq-57h2",
"discovery": "UNKNOWN"
},
"title": "blurhash panics on parsing crafted inputs"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-42447",
"datePublished": "2023-09-19T14:57:16.784Z",
"dateReserved": "2023-09-08T20:57:45.573Z",
"dateUpdated": "2024-09-24T18:56:15.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46135 (GCVE-0-2023-46135)
Vulnerability from cvelistv5 – Published: 2023-10-25 00:38 – Updated: 2024-09-10 15:06
VLAI
Title
Panic in SignedPayload::from_payload
Summary
rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys. A panic vulnerability occurs when a specially crafted payload is used.`inner_payload_len` should not above 64. This vulnerability has been patched in version 0.0.8.
Severity
5.3 (Medium)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/stellar/rs-stellar-strkey/secu… | x_refsource_CONFIRM |
| https://github.com/stellar/rs-stellar-strkey/issues/58 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| stellar | rs-stellar-strkey |
Affected:
< 0.0.8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:39.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/stellar/rs-stellar-strkey/security/advisories/GHSA-5873-6fwq-463f",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/stellar/rs-stellar-strkey/security/advisories/GHSA-5873-6fwq-463f"
},
{
"name": "https://github.com/stellar/rs-stellar-strkey/issues/58",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/stellar/rs-stellar-strkey/issues/58"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:stellar:rs-stellar-strkey:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rs-stellar-strkey",
"vendor": "stellar",
"versions": [
{
"lessThan": "0.0.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46135",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:01:35.354183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T15:06:21.577Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rs-stellar-strkey",
"vendor": "stellar",
"versions": [
{
"status": "affected",
"version": "\u003c 0.0.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys. A panic vulnerability occurs when a specially crafted payload is used.`inner_payload_len` should not above 64. This vulnerability has been patched in version 0.0.8."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T00:38:03.159Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/stellar/rs-stellar-strkey/security/advisories/GHSA-5873-6fwq-463f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/stellar/rs-stellar-strkey/security/advisories/GHSA-5873-6fwq-463f"
},
{
"name": "https://github.com/stellar/rs-stellar-strkey/issues/58",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/stellar/rs-stellar-strkey/issues/58"
}
],
"source": {
"advisory": "GHSA-5873-6fwq-463f",
"discovery": "UNKNOWN"
},
"title": "Panic in SignedPayload::from_payload"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-46135",
"datePublished": "2023-10-25T00:38:03.159Z",
"dateReserved": "2023-10-16T17:51:35.574Z",
"dateUpdated": "2024-09-10T15:06:21.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46239 (GCVE-0-2023-46239)
Vulnerability from cvelistv5 – Published: 2023-10-31 15:02 – Updated: 2024-09-05 17:37
VLAI
Title
quic-go vulnerable to pointer dereference that can lead to panic
Summary
quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference (leading to a panic) when the node attempted to drop the Handshake packet number space. An attacker can bring down a quic-go node with very minimal effort. Completing the QUIC handshake only requires sending and receiving a few packets. Version 0.37.3 contains a patch. Versions before 0.37.0 are not affected.
Severity
7.5 (High)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/quic-go/quic-go/security/advis… | x_refsource_CONFIRM |
| https://github.com/quic-go/quic-go/commit/b6a4725… | x_refsource_MISC |
| https://github.com/quic-go/quic-go/releases/tag/v0.37.3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:40.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/quic-go/quic-go/security/advisories/GHSA-3q6m-v84f-6p9h",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/quic-go/quic-go/security/advisories/GHSA-3q6m-v84f-6p9h"
},
{
"name": "https://github.com/quic-go/quic-go/commit/b6a4725b60f1fe04e8f1ddcc3114e290fcea1617",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/quic-go/quic-go/commit/b6a4725b60f1fe04e8f1ddcc3114e290fcea1617"
},
{
"name": "https://github.com/quic-go/quic-go/releases/tag/v0.37.3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/quic-go/quic-go/releases/tag/v0.37.3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46239",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T17:36:38.496208Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T17:37:20.453Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "quic-go",
"vendor": "quic-go",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.37.0, \u003c 0.37.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference (leading to a panic) when the node attempted to drop the Handshake packet number space. An attacker can bring down a quic-go node with very minimal effort. Completing the QUIC handshake only requires sending and receiving a few packets. Version 0.37.3 contains a patch. Versions before 0.37.0 are not affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-31T15:02:03.413Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/quic-go/quic-go/security/advisories/GHSA-3q6m-v84f-6p9h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/quic-go/quic-go/security/advisories/GHSA-3q6m-v84f-6p9h"
},
{
"name": "https://github.com/quic-go/quic-go/commit/b6a4725b60f1fe04e8f1ddcc3114e290fcea1617",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/quic-go/quic-go/commit/b6a4725b60f1fe04e8f1ddcc3114e290fcea1617"
},
{
"name": "https://github.com/quic-go/quic-go/releases/tag/v0.37.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/quic-go/quic-go/releases/tag/v0.37.3"
}
],
"source": {
"advisory": "GHSA-3q6m-v84f-6p9h",
"discovery": "UNKNOWN"
},
"title": "quic-go vulnerable to pointer dereference that can lead to panic"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-46239",
"datePublished": "2023-10-31T15:02:03.413Z",
"dateReserved": "2023-10-19T20:34:00.947Z",
"dateUpdated": "2024-09-05T17:37:20.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4785 (GCVE-0-2023-4785)
Vulnerability from cvelistv5 – Published: 2023-09-13 16:31 – Updated: 2026-01-12 15:34
VLAI
Title
Denial of Service in gRPC Core
Summary
Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.
Severity
7.5 (High)
CWE
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:38:00.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/grpc/grpc/pull/33656"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/grpc/grpc/pull/33667"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/grpc/grpc/pull/33669"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/grpc/grpc/pull/33670"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/grpc/grpc/pull/33672"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "grpc",
"vendor": "grpc",
"versions": [
{
"lessThan": "1.23",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "affected",
"version": "1.57"
},
{
"lessThanOrEqual": "1.56.1",
"status": "affected",
"version": "1.56.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "155.2",
"status": "affected",
"version": "1.55.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.54.2",
"status": "affected",
"version": "1.54.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.53.1",
"status": "affected",
"version": "1.53.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4785",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T18:02:01.004344Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T18:05:52.337Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Posix-compatible platforms"
],
"product": "gRPC",
"repo": "https://github.com/grpc/grpc",
"vendor": "Google",
"versions": [
{
"lessThan": "1.23",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.57"
},
{
"changes": [
{
"at": "1.56.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.56.1",
"status": "affected",
"version": "1.56.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "1.55.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.55.2",
"status": "affected",
"version": "1.55.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "1.54.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.54.2",
"status": "affected",
"version": "1.54.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "1.53.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.53.1",
"status": "affected",
"version": "1.53.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Lack of error handling in the TCP server in Google\u0027s gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.\u0026nbsp;"
}
],
"value": "Lack of error handling in the TCP server in Google\u0027s gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected."
}
],
"impacts": [
{
"capecId": "CAPEC-125",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-125 Flooding"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T15:34:12.725Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/grpc/grpc/pull/33656"
},
{
"url": "https://github.com/grpc/grpc/pull/33667"
},
{
"url": "https://github.com/grpc/grpc/pull/33669"
},
{
"url": "https://github.com/grpc/grpc/pull/33670"
},
{
"url": "https://github.com/grpc/grpc/pull/33672"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Denial of Service in gRPC Core",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2023-4785",
"datePublished": "2023-09-13T16:31:55.664Z",
"dateReserved": "2023-09-06T04:50:57.530Z",
"dateUpdated": "2026-01-12T15:34:12.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-5038 (GCVE-0-2023-5038)
Vulnerability from cvelistv5 – Published: 2024-06-25 02:14 – Updated: 2024-08-02 07:44
VLAI
Title
Unauthenticated DoS
Summary
badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
Severity
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hanwhavision.com/wp-content/uploads/2… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Vision Co., Ltd. | A-Series, Q-Series, PNM-series Camera |
Affected:
Prior to version 1.41.16, Prior to version 2.22.00
|
Date Public
2024-06-25 02:05
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:hanwhavision:ano-l6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ano-l6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ano-l6022r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ano-l6022r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:anv-l6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "anv-l6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ano-l6082r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ano-l6082r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ane-l6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ane-l6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:anv-l6082r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "anv-l6082r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ano-l7082r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ano-l7082r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ane-l7012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ane-l7012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:anv-l7082r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "anv-l7082r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ano-l7012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ano-l7012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ano-l7022r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ano-l7022r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:anv-l7012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "anv-l7012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-c9022rv:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-c9022rv",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9000qb:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9000qb",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-7002vd:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-7002vd",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-8082vt:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-8082vt",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9002vq:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9002vq",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9022v:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9022v",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9031rv:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9031rv",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9084qz:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9084qz",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9084rqz:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9084rqz",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9085rqz:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9085rqz",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9084qz1:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9084qz1",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9084rqz1:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9084rqz1",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9085rqz1:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9085rqz1",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9322vqp:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9322vqp",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-7082rvd:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-7082rvd",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-12082rvd:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-12082rvd",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lno-6072r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lno-6072r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnd-6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnd-6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lno-6032r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lno-6032r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnv-6032r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnv-6032r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnd-6022r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnd-6022r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnd-6072r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnd-6072r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lno-6022r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lno-6022r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnv-6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnv-6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnv-6072r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnv-6072r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnd-6032r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnd-6032r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnv-6022r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnv-6022r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lno-6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lno-6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:qnd-6011:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qnd-6011",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:qnd-6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qnd-6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:qnd-6021:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qnd-6021",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:qnd-6022r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qnd-6022r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:qnd-6032r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qnd-6032r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ano-l6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ano-l6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ano-l6022r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ano-l6022r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:anv-l6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "anv-l6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ano-l6082r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ano-l6082r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ane-l6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ane-l6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:anv-l6082r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "anv-l6082r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ano-l7082r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ano-l7082r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ane-l7012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ane-l7012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:anv-l7082r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "anv-l7082r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ano-l7012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ano-l7012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:ano-l7022r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ano-l7022r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:anv-l7012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "anv-l7012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-c9022rv:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-c9022rv",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9000qb:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9000qb",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-7002vd:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-7002vd",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-8082vt:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-8082vt",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9002vq:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9002vq",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9022v:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9022v",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9031rv:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9031rv",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9084qz:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9084qz",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9084rqz:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9084rqz",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9085rqz:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9085rqz",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9084qz1:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9084qz1",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9084rqz1:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9084rqz1",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9085rqz1:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9085rqz1",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-9322vqp:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-9322vqp",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-7082rvd:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-7082rvd",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:pnm-12082rvd:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pnm-12082rvd",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "2.22.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lno-6072r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lno-6072r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnd-6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnd-6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lno-6032r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lno-6032r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnv-6032r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnv-6032r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnd-6022r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnd-6022r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnd-6072r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnd-6072r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lno-6022r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lno-6022r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnv-6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnv-6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnv-6072r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnv-6072r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnd-6032r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnd-6032r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lnv-6022r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lnv-6022r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:lno-6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lno-6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:qnd-6011:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qnd-6011",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:qnd-6012r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qnd-6012r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:qnd-6021:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qnd-6021",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:qnd-6022r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qnd-6022r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hanwhavision:qnd-6032r:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qnd-6032r",
"vendor": "hanwhavision",
"versions": [
{
"lessThan": "1.41.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5038",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T16:44:21.978973Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T23:04:59.868Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.hanwhavision.com/wp-content/uploads/2024/06/Camera-Vulnerability-Report-CVE-2023-5037-5038.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "A-Series, Q-Series, PNM-series Camera",
"vendor": "Hanwha Vision Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Prior to version 1.41.16, Prior to version 2.22.00"
}
]
}
],
"datePublic": "2024-06-25T02:05:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003ebadmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T02:14:06.610Z",
"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"shortName": "Hanwha_Vision"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hanwhavision.com/wp-content/uploads/2024/06/Camera-Vulnerability-Report-CVE-2023-5037-5038.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated DoS",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"assignerShortName": "Hanwha_Vision",
"cveId": "CVE-2023-5038",
"datePublished": "2024-06-25T02:14:06.610Z",
"dateReserved": "2023-09-18T06:00:29.464Z",
"dateUpdated": "2024-08-02T07:44:53.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5310 (GCVE-0-2023-5310)
Vulnerability from cvelistv5 – Published: 2023-12-15 16:05 – Updated: 2024-10-08 14:15
VLAI
Title
Z-Wave Denial of Service caused by Stream of Packets
Summary
A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device.
Severity
5.7 (Medium)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/SiliconLabs/gecko_sdk/releases | |
| https://siliconlabs.lightning.force.com/sfc/servl… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| silabs.com | Gecko SDK |
Affected:
0 , ≤ 7.20.3
(LessThan)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:08.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/SiliconLabs/gecko_sdk/releases"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm0000005E7EIAU?%20operationContext=S1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-14T18:23:37.766666Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T14:15:42.486Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gecko SDK",
"vendor": "silabs.com",
"versions": [
{
"lessThanOrEqual": "7.20.3",
"status": "affected",
"version": "0",
"versionType": "LessThan"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device.\u003c/span\u003e"
}
],
"value": "A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device."
}
],
"impacts": [
{
"capecId": "CAPEC-601",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-601 Jamming"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248 Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T15:44:43.455Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"url": "https://github.com/SiliconLabs/gecko_sdk/releases"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm0000005E7EIAU?%20operationContext=S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Z-Wave Denial of Service caused by Stream of Packets",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-5310",
"datePublished": "2023-12-15T16:05:15.120Z",
"dateReserved": "2023-09-29T18:44:41.563Z",
"dateUpdated": "2024-10-08T14:15:42.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6533 (GCVE-0-2023-6533)
Vulnerability from cvelistv5 – Published: 2024-02-21 19:55 – Updated: 2024-09-27 15:52
VLAI
Title
Silicon Labs PC Controller Denial of Service Vulnerability
Summary
Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and earlier.
Severity
6.5 (Medium)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://community.silabs.com/068Vm000001HdNm | vendor-advisorypermissions-required |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| silabs.com | PC Controller |
Affected:
0 , ≤ 5.54.0
(LessThan)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6533",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T15:48:15.722979Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:54.088Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:35:14.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"permissions-required",
"x_transferred"
],
"url": "https://community.silabs.com/068Vm000001HdNm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "PC Controller",
"product": "PC Controller",
"repo": "https://github.com/SiliconLabs/gecko_sdk/releases",
"vendor": "silabs.com",
"versions": [
{
"lessThanOrEqual": "5.54.0",
"status": "affected",
"version": "0",
"versionType": "LessThan"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and earlier.\u0026nbsp;"
}
],
"value": "Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and earlier."
}
],
"impacts": [
{
"capecId": "CAPEC-601",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-601 Jamming"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248 Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-419",
"description": "CWE-419 Unprotected Primary Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T15:52:58.406Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"vendor-advisory",
"permissions-required"
],
"url": "https://community.silabs.com/068Vm000001HdNm"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Silicon Labs PC Controller Denial of Service Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-6533",
"datePublished": "2024-02-21T19:55:26.586Z",
"dateReserved": "2023-12-05T18:59:45.077Z",
"dateUpdated": "2024-09-27T15:52:58.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6640 (GCVE-0-2023-6640)
Vulnerability from cvelistv5 – Published: 2024-02-21 19:56 – Updated: 2024-09-27 15:55
VLAI
Title
Silicon Labs PC Controller v5.54.0 and Earlier Denial of Service Vulnerability
Summary
Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier.
Severity
6.5 (Medium)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://community.silabs.com/068Vm000001HdNm | vendor-advisorypermissions-required |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| silabs.com | PC Controller |
Affected:
0 , ≤ 5.54.0
(LessThan)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6640",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-15T20:30:46.012849Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:13.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:35:14.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"permissions-required",
"x_transferred"
],
"url": "https://community.silabs.com/068Vm000001HdNm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "PC Controller",
"product": "PC Controller",
"repo": "https://github.com/SiliconLabs/gecko_sdk/releases",
"vendor": "silabs.com",
"versions": [
{
"lessThanOrEqual": "5.54.0",
"status": "affected",
"version": "0",
"versionType": "LessThan"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier.\u0026nbsp;"
}
],
"value": "Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier."
}
],
"impacts": [
{
"capecId": "CAPEC-595",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-595 Connection Reset"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248 Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T15:55:02.841Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"vendor-advisory",
"permissions-required"
],
"url": "https://community.silabs.com/068Vm000001HdNm"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Silicon Labs PC Controller v5.54.0 and Earlier Denial of Service Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-6640",
"datePublished": "2024-02-21T19:56:50.808Z",
"dateReserved": "2023-12-08T20:21:25.231Z",
"dateUpdated": "2024-09-27T15:55:02.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11172 (GCVE-0-2024-11172)
Vulnerability from cvelistv5 – Published: 2025-03-20 10:10 – Updated: 2025-10-15 12:49
VLAI
Title
Denial of Service in danny-avila/librechat
Summary
A vulnerability in danny-avila/librechat version git a1647d7 allows an unauthenticated attacker to cause a denial of service by sending a crafted payload to the server. The middleware `checkBan` is not surrounded by a try-catch block, and an unhandled exception will cause the server to crash. This issue is fixed in version 0.7.6.
Severity
7.5 (High)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| danny-avila | danny-avila/librechat |
Affected:
unspecified , < 0.7.6
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11172",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-20T17:52:24.654884Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T18:31:20.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "danny-avila/librechat",
"vendor": "danny-avila",
"versions": [
{
"lessThan": "0.7.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in danny-avila/librechat version git a1647d7 allows an unauthenticated attacker to cause a denial of service by sending a crafted payload to the server. The middleware `checkBan` is not surrounded by a try-catch block, and an unhandled exception will cause the server to crash. This issue is fixed in version 0.7.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248 Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T12:49:28.544Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/c76a7ee3-2e26-45a0-8940-21c749592105"
},
{
"url": "https://github.com/danny-avila/librechat/commit/976784c01fa4cce00d4c2941801d56aed375c21b"
}
],
"source": {
"advisory": "c76a7ee3-2e26-45a0-8940-21c749592105",
"discovery": "EXTERNAL"
},
"title": "Denial of Service in danny-avila/librechat"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-11172",
"datePublished": "2025-03-20T10:10:06.689Z",
"dateReserved": "2024-11-12T21:35:01.031Z",
"dateUpdated": "2025-10-15T12:49:28.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.