CWE-755
Improper Handling of Exceptional Conditions
The product does not handle or incorrectly handles an exceptional condition.
CVE-2024-47491 (GCVE-0-2024-47491)
Vulnerability from cvelistv5 – Published: 2024-10-11 15:23 – Updated: 2024-10-22 19:12
VLAI
Title
Junos OS and Junos OS Evolved: Receipt of a specific malformed BGP path attribute leads to an RPD crash
Summary
An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause Denial of Service (DoS).
When a BGP UPDATE with malformed path attribute is received over an established BGP session, rpd crashes and restarts.
Continuous receipt of a BGP UPDATE with a specifically malformed path attribute will create a sustained Denial of Service (DoS) condition for impacted devices. While this issue affects systems running 32-bit and 64-bit systems, the probability of impact on 64-bit system is extremely low.
According to KB25803 https://supportportal.juniper.net/s/article/Junos-How-to-check-if-Junos-OS-is-64-or-32-bit-on-a-router , customers can confirm 32-bit or 64-bit system via the ' show version detail ' command:
lab@router> show version detail| match 32
JUNOS 32-bit kernel Software Suite
lab@router> show version detail| match 64
JUNOS 64-bit kernel Software Suite
This issue affects:
Juniper Networks Junos OS:
* All versions before 21.4R3-S8,
* from 22.2 before 22.2R3-S4,
* from 22.4 before 22.4R3-S3,
* from 23.2 before 23.2R2-S1,
* from 23.4 before 23.4R1-S2, 23.4R2.
Juniper Networks Junos OS Evolved: * All versions before 21.4R3-S8-EVO,
* from 22.2 before 22.2R3-S4-EVO,
* from 22.4 before 22.4R3-S3-EVO,
* from 23.2 before 23.2R2-S1-EVO,
* from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://supportportal.juniper.net/ | vendor-advisory |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.4R3-S8
(semver)
Affected: 22.2 , < 22.2R3-S4 (semver) Affected: 22.4 , < 22.4R3-S3 (semver) Affected: 23.2 , < 23.2R2-S1 (semver) Affected: 23.4 , < 23.4R1-S2, 23.4R2 (semver) |
|
| Juniper Networks | Junos OS Evolved |
Affected:
0 , < 21.4R3-S8-EVO
(semver)
Affected: 22.2 , < 22.2R3-S4-EVO (semver) Affected: 22.4 , < 22.4R3-S3-EVO (semver) Affected: 23.2 , < 23.2R2-S1-EVO (semver) Affected: 23.4 , < 23.4R1-S2-EVO, 23.4R2-EVO (semver) |
|
| juniper | junos |
Affected:
0 , < 21.4r3-s8
(semver)
Affected: 22.2 , < 22.2r3-s4 (semver) Affected: 22.4 , < 22.4r3-s3 (semver) Affected: 23.2 , < 23.2r2-s1 (semver) Affected: 23.4 , < 23.4r1-s2 (semver) Affected: 23.4 , < 23.4r2 (semver) cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:* |
|
| juniper | junos_evolved |
Affected:
0 , < 21.4r3-s8-evo
(semver)
Affected: 22.2 , < 22.2r3-s4-evo (semver) Affected: 22.4 , < 22.4r3-s3-evo (semver) Affected: 23.2 , < 23.2r2-s1-evo (semver) Affected: 23.4 , < 23.4r1-s2-evo (semver) Affected: 23.4 , < 23.4r2-evo (semver) cpe:2.3:o:juniper:junos_evolved:*:*:*:*:*:*:*:* |
Date Public
2024-10-09 16:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.4r3-s8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.2r3-s4",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.4r3-s3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2r2-s1",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4r1-s2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "23.4r2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_evolved:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.4r3-s8-evo",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.2r3-s4-evo",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.4r3-s3-evo",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2r2-s1-evo",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4r1-s2-evo",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "23.4r2-evo",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47491",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T19:11:49.343466Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T19:12:09.407Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S1",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S2, 23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4-EVO",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S3-EVO",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S1-EVO",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S2-EVO, 23.4R2-EVO",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To be exposed to this issue a minimal BGP configuration like the following is required:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols bgp group \u0026lt;name\u0026gt; neighbor ... ]\u003c/tt\u003e\u003cbr\u003e"
}
],
"value": "To be exposed to this issue a minimal BGP configuration like the following is required:\n\n[ protocols bgp group \u003cname\u003e neighbor ... ]"
}
],
"datePublic": "2024-10-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003eAn Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003e\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003eWhen a BGP UPDATE with malformed path attribute is received over an established BGP session, rpd crashes and restarts. \u003c/span\u003e\u003cbr\u003e\u003cbr\u003eContinuous receipt of a BGP UPDATE with a specifically malformed path attribute will create a sustained Denial of Service (DoS) condition for impacted devices. While t\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003ehis issue affects systems running 32-bit and 64-bit systems, the probability of impact on 64-bit system is extremely low.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003e\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003e\u003cp\u003e\u003cbr\u003eAccording to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://supportportal.juniper.net/s/article/Junos-How-to-check-if-Junos-OS-is-64-or-32-bit-on-a-router\"\u003eKB25803 \u003c/a\u003e, customers can confirm 32-bit or 64-bit system via the \u0027 \u003cstrong\u003e\u003ccode\u003eshow version detail \u003c/code\u003e\u003c/strong\u003e\u0027 command:\u003cbr\u003e\u003cbr\u003e\u003c/p\u003e\u003ctt\u003e\u2003\u2003\u2003\u2003\u2003lab@router\u0026gt; show version detail| match 32\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003JUNOS 32-bit kernel Software Suite\u0026nbsp;\u003cbr\u003e\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003lab@router\u0026gt; show version detail| match 64\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003JUNOS 64-bit kernel Software Suite\u0026nbsp;\u003cbr\u003e\u003cbr\u003e\u003c/tt\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003e\u2003Juniper Networks Junos OS:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S8,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S4,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S1,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R1-S2, 23.4R2.\u003c/li\u003e\u003c/ul\u003e\u2003Juniper Networks Junos OS Evolved:\u0026nbsp;\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S8-EVO, \u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S4-EVO, \u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S3-EVO,\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S1-EVO, \u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause Denial of Service (DoS).\n\nWhen a BGP UPDATE with malformed path attribute is received over an established BGP session, rpd crashes and restarts. \n\nContinuous receipt of a BGP UPDATE with a specifically malformed path attribute will create a sustained Denial of Service (DoS) condition for impacted devices. While this issue affects systems running 32-bit and 64-bit systems, the probability of impact on 64-bit system is extremely low.\u00a0\nAccording to KB25803 https://supportportal.juniper.net/s/article/Junos-How-to-check-if-Junos-OS-is-64-or-32-bit-on-a-router , customers can confirm 32-bit or 64-bit system via the \u0027 show version detail \u0027 command:\n\n\n\n\u2003\u2003\u2003\u2003\u2003lab@router\u003e show version detail| match 32\n\u2003\u2003\u2003\u2003\u2003JUNOS 32-bit kernel Software Suite\u00a0\n\n\u2003\u2003\u2003\u2003\u2003lab@router\u003e show version detail| match 64\n\u2003\u2003\u2003\u2003\u2003JUNOS 64-bit kernel Software Suite\u00a0\n\n\nThis issue affects:\n\n\u2003Juniper Networks Junos OS:\u00a0\n\n * All versions before 21.4R3-S8,\u00a0\n * from 22.2 before 22.2R3-S4,\u00a0\n * from 22.4 before 22.4R3-S3,\u00a0\n * from 23.2 before 23.2R2-S1,\u00a0\n * from 23.4 before 23.4R1-S2, 23.4R2.\n\n\n\u2003Juniper Networks Junos OS Evolved:\u00a0 * All versions before 21.4R3-S8-EVO, \n * from 22.2 before 22.2R3-S4-EVO, \n * from 22.4 before 22.4R3-S3-EVO,\n * from 23.2 before 23.2R2-S1-EVO, \n * from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T18:02:14.393Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJunos OS: 21.4R3-S8, 22.2R3-S4, 22.4R3-S3, 23.2R2-S1, 23.4R1-S2, 23.4R2, 24.2R1, and all subsequent releases.\u003c/span\u003e \u003cbr\u003e\u003cbr\u003eJunos OS Evolved: 21.4R3-S8-EVO, 22.2R3-S4-EVO, 22.4R3-S3-EVO, 23.2R2-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.2R1-EVO,\u0026nbsp;and all subsequent releases.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 21.4R3-S8, 22.2R3-S4, 22.4R3-S3, 23.2R2-S1, 23.4R1-S2, 23.4R2, 24.2R1, and all subsequent releases. \n\nJunos OS Evolved: 21.4R3-S8-EVO, 22.2R3-S4-EVO, 22.4R3-S3-EVO, 23.2R2-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.2R1-EVO,\u00a0and all subsequent releases."
}
],
"source": {
"advisory": "JSA88116",
"defect": [
"1797147"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: Receipt of a specific malformed BGP path attribute leads to an RPD crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-47491",
"datePublished": "2024-10-11T15:23:08.762Z",
"dateReserved": "2024-09-25T15:26:52.608Z",
"dateUpdated": "2024-10-22T19:12:09.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47609 (GCVE-0-2024-47609)
Vulnerability from cvelistv5 – Published: 2024-10-01 20:13 – Updated: 2024-11-21 16:56
VLAI
Title
Remotely exploitable DoS in Tonic `<=v0.12.2`
Summary
Tonic is a native gRPC client & server implementation with async/await support. When using tonic::transport::Server there is a remote DoS attack that can cause the server to exit cleanly on accepting a TCP/TLS stream. This can be triggered by causing the accept call to error out with errors that were not covered correctly causing the accept loop to exit. Upgrading to tonic 0.12.3 and above contains the fix.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/hyperium/tonic/security/adviso… | x_refsource_CONFIRM |
| https://github.com/hyperium/tonic/issues/1897 | x_refsource_MISC |
| https://github.com/hyperium/tonic/commit/a4472a86… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hyperium:tonic:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tonic",
"vendor": "hyperium",
"versions": [
{
"lessThanOrEqual": "0.12.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "0.12.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47609",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T13:16:26.504456Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T16:56:13.633Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tonic",
"vendor": "hyperium",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.12.2, \u003c 0.12.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tonic is a native gRPC client \u0026 server implementation with async/await support. When using tonic::transport::Server there is a remote DoS attack that can cause the server to exit cleanly on accepting a TCP/TLS stream. This can be triggered by causing the accept call to error out with errors that were not covered correctly causing the accept loop to exit. Upgrading to tonic 0.12.3 and above contains the fix."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755: Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T20:13:55.017Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/hyperium/tonic/security/advisories/GHSA-4jwc-w2hc-78qv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/hyperium/tonic/security/advisories/GHSA-4jwc-w2hc-78qv"
},
{
"name": "https://github.com/hyperium/tonic/issues/1897",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/hyperium/tonic/issues/1897"
},
{
"name": "https://github.com/hyperium/tonic/commit/a4472a86f3290e60c7c01348b7e6a8164d6e7e48",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/hyperium/tonic/commit/a4472a86f3290e60c7c01348b7e6a8164d6e7e48"
}
],
"source": {
"advisory": "GHSA-4jwc-w2hc-78qv",
"discovery": "UNKNOWN"
},
"title": "Remotely exploitable DoS in Tonic `\u003c=v0.12.2`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47609",
"datePublished": "2024-10-01T20:13:55.017Z",
"dateReserved": "2024-09-27T20:37:22.120Z",
"dateUpdated": "2024-11-21T16:56:13.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-51502 (GCVE-0-2024-51502)
Vulnerability from cvelistv5 – Published: 2024-11-04 22:42 – Updated: 2024-11-21 16:24
VLAI
Title
Panic Vulnerability in loona-hpack
Summary
loona is an experimental, HTTP/1.1 and HTTP/2 implementation in Rust on top of io-uring. `loona-hpack` suffers from the same vulnerability as the original `hpack` as documented in issue #11. All users who try to decode untrusted input using the Decoder are vulnerable to this exploit. This issue has been addressed in release version 0.4.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/bearcove/loona/security/adviso… | x_refsource_CONFIRM |
| https://github.com/mlalic/hpack-rs/issues/11 | x_refsource_MISC |
| https://github.com/bearcove/loona/commit/9a4028ec… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-51502",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-05T16:34:42.628355Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T16:24:15.558Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "loona",
"vendor": "bearcove",
"versions": [
{
"status": "affected",
"version": "\u003c 0.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "loona is an experimental, HTTP/1.1 and HTTP/2 implementation in Rust on top of io-uring. `loona-hpack` suffers from the same vulnerability as the original `hpack` as documented in issue #11. All users who try to decode untrusted input using the Decoder are vulnerable to this exploit. This issue has been addressed in release version 0.4.3. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755: Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T22:42:29.920Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/bearcove/loona/security/advisories/GHSA-7vm6-qwh5-9x44",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bearcove/loona/security/advisories/GHSA-7vm6-qwh5-9x44"
},
{
"name": "https://github.com/mlalic/hpack-rs/issues/11",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mlalic/hpack-rs/issues/11"
},
{
"name": "https://github.com/bearcove/loona/commit/9a4028ec6484f50a320281271a41a5040ddb1ba8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bearcove/loona/commit/9a4028ec6484f50a320281271a41a5040ddb1ba8"
}
],
"source": {
"advisory": "GHSA-7vm6-qwh5-9x44",
"discovery": "UNKNOWN"
},
"title": "Panic Vulnerability in loona-hpack"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-51502",
"datePublished": "2024-11-04T22:42:29.920Z",
"dateReserved": "2024-10-28T14:20:59.339Z",
"dateUpdated": "2024-11-21T16:24:15.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-51744 (GCVE-0-2024-51744)
Vulnerability from cvelistv5 – Published: 2024-11-04 21:47 – Updated: 2024-11-05 16:11
VLAI
Title
Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt
Summary
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. If users only check for the `jwt.ErrTokenExpired ` using `error.Is`, they will ignore the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens. A fix has been back-ported with the error handling logic from the `v5` branch to the `v4` branch. In this logic, the `ParseWithClaims` function will immediately return in "dangerous" situations (e.g., an invalid signature), limiting the combined errors only to situations where the signature is valid, but further validation failed (e.g., if the signature is valid, but is expired AND has the wrong audience). This fix is part of the 4.5.1 release. We are aware that this changes the behaviour of an established function and is not 100 % backwards compatible, so updating to 4.5.1 might break your code. In case you cannot update to 4.5.0, please make sure that you are properly checking for all errors ("dangerous" ones first), so that you are not running in the case detailed above.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/golang-jwt/jwt/security/adviso… | x_refsource_CONFIRM |
| https://github.com/golang-jwt/jwt/commit/7b1c1c00… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| golang-jwt | jwt |
Affected:
< 4.5.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-51744",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-05T16:11:29.522504Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T16:11:42.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "jwt",
"vendor": "golang-jwt",
"versions": [
{
"status": "affected",
"version": "\u003c 4.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. If users only check for the `jwt.ErrTokenExpired ` using `error.Is`, they will ignore the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens. A fix has been back-ported with the error handling logic from the `v5` branch to the `v4` branch. In this logic, the `ParseWithClaims` function will immediately return in \"dangerous\" situations (e.g., an invalid signature), limiting the combined errors only to situations where the signature is valid, but further validation failed (e.g., if the signature is valid, but is expired AND has the wrong audience). This fix is part of the 4.5.1 release. We are aware that this changes the behaviour of an established function and is not 100 % backwards compatible, so updating to 4.5.1 might break your code. In case you cannot update to 4.5.0, please make sure that you are properly checking for all errors (\"dangerous\" ones first), so that you are not running in the case detailed above."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755: Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T21:47:12.170Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r"
},
{
"name": "https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c"
}
],
"source": {
"advisory": "GHSA-29wx-vh33-7x7r",
"discovery": "UNKNOWN"
},
"title": "Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-51744",
"datePublished": "2024-11-04T21:47:12.170Z",
"dateReserved": "2024-10-31T14:12:45.789Z",
"dateUpdated": "2024-11-05T16:11:42.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-51766 (GCVE-0-2024-51766)
Vulnerability from cvelistv5 – Published: 2024-11-22 11:41 – Updated: 2024-11-26 14:20
VLAI
Title
HPE NonStop DISK UTIL, Local Denial of Service vulnerability
Summary
A potential security vulnerability has been identified in the HPE NonStop DISK UTIL (T9208) product. This vulnerability could be exploited to cause a denial of service (DoS) to NonStop server. It exists in all prior DISK UTIL product versions of L-series and J-series.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hewlett Packard Enterprise | HPE NonStop DISK UTIL |
Affected:
T9208L01 , < L Series T9208L01^ACL
(T9208L01)
Affected: T9208H01 , < J Series T9208H01^ACK (T9208H01) |
Date Public
2024-11-20 11:30
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-51766",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-22T17:44:22.789471Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:20:15.172Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "DISK UTIL",
"platforms": [
"HPE NonStop"
],
"product": "HPE NonStop DISK UTIL",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"lessThan": "L Series T9208L01^ACL",
"status": "affected",
"version": "T9208L01",
"versionType": "T9208L01"
},
{
"lessThan": "J Series T9208H01^ACK",
"status": "affected",
"version": "T9208H01",
"versionType": "T9208H01"
}
]
}
],
"datePublic": "2024-11-20T11:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential security vulnerability has been identified in the HPE NonStop DISK UTIL (T9208) product. This vulnerability could be exploited to cause a denial of service (DoS) to NonStop server. It exists in all prior DISK UTIL product versions of L-series and J-series.\u003c/span\u003e"
}
],
"value": "A potential security vulnerability has been identified in the HPE NonStop DISK UTIL (T9208) product. This vulnerability could be exploited to cause a denial of service (DoS) to NonStop server. It exists in all prior DISK UTIL product versions of L-series and J-series."
}
],
"impacts": [
{
"capecId": "CAPEC-624",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-624 Hardware Fault Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T11:41:42.072Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbns04759en_us\u0026docLocale=en_US"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Please see security bulletin\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbns04759en_us\u0026amp;docLocale=en_US\"\u003ehttps://support.hpe.com/hpesc/public/docDisplay?docId=hpesbns04759en_us\u0026amp;docLocale=en_US\u003c/a\u003e"
}
],
"value": "Please see security bulletin\u00a0 https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbns04759en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNS04759",
"discovery": "INTERNAL"
},
"title": "HPE NonStop DISK UTIL, Local Denial of Service vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-51766",
"datePublished": "2024-11-22T11:41:42.072Z",
"dateReserved": "2024-11-01T14:42:12.298Z",
"dateUpdated": "2024-11-26T14:20:15.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52529 (GCVE-0-2024-52529)
Vulnerability from cvelistv5 – Published: 2024-11-25 18:49 – Updated: 2024-11-26 14:28
VLAI
Title
Layer 7 policy enforcement may not occur in policies with wildcarded port ranges in Cilium
Summary
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range `AND` 2. A Layer 7 allow policy that selects a specific port within the first policy's range the Layer 7 enforcement would not occur for the traffic selected by the Layer 7 policy. This issue only affects users who use Cilium's port range functionality, which was introduced in Cilium v1.16. This issue is patched in PR #35150. This issue affects Cilium v1.16 between v1.16.0 and v1.16.3 inclusive. This issue is patched in Cilium v1.16.4. Users are advised to upgrade. Users with network policies that match the pattern described above can work around the issue by rewriting any policies that use port ranges to individually specify the ports permitted for traffic.
Severity
5.8 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/cilium/cilium/security/advisor… | x_refsource_CONFIRM |
| https://github.com/cilium/cilium/pull/35150 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cilium",
"vendor": "cilium",
"versions": [
{
"lessThan": "1.16.4",
"status": "affected",
"version": "1.16.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52529",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:27:46.184253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:28:59.941Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cilium",
"vendor": "cilium",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.16.0, \u003c 1.16.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range `AND` 2. A Layer 7 allow policy that selects a specific port within the first policy\u0027s range the Layer 7 enforcement would not occur for the traffic selected by the Layer 7 policy. This issue only affects users who use Cilium\u0027s port range functionality, which was introduced in Cilium v1.16. This issue is patched in PR #35150. This issue affects Cilium v1.16 between v1.16.0 and v1.16.3 inclusive. This issue is patched in Cilium v1.16.4. Users are advised to upgrade. Users with network policies that match the pattern described above can work around the issue by rewriting any policies that use port ranges to individually specify the ports permitted for traffic."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755: Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T18:49:15.616Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cilium/cilium/security/advisories/GHSA-xg58-75qf-9r67",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cilium/cilium/security/advisories/GHSA-xg58-75qf-9r67"
},
{
"name": "https://github.com/cilium/cilium/pull/35150",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cilium/cilium/pull/35150"
}
],
"source": {
"advisory": "GHSA-xg58-75qf-9r67",
"discovery": "UNKNOWN"
},
"title": "Layer 7 policy enforcement may not occur in policies with wildcarded port ranges in Cilium"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-52529",
"datePublished": "2024-11-25T18:49:15.616Z",
"dateReserved": "2024-11-11T18:49:23.561Z",
"dateUpdated": "2024-11-26T14:28:59.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-53984 (GCVE-0-2024-53984)
Vulnerability from cvelistv5 – Published: 2024-12-02 15:54 – Updated: 2024-12-02 21:40
VLAI
Title
Nanopb does not release memory on error return when using PB_DECODE_DELIMITED
Summary
Nanopb is a small code-size Protocol Buffers implementation. When the compile time option PB_ENABLE_MALLOC is enabled, the message contains at least one field with FT_POINTER field type, custom stream callback is used with unknown stream length. and the pb_decode_ex() function is used with flag PB_DECODE_DELIMITED, then the pb_decode_ex() function does not automatically call pb_release(), like is done for other failure cases. This could lead to memory leak and potential denial-of-service. This vulnerability is fixed in 0.4.9.1.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/nanopb/nanopb/security/advisor… | x_refsource_CONFIRM |
| https://github.com/nanopb/nanopb/commit/2b86c255a… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53984",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-02T21:39:54.790040Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T21:40:02.909Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nanopb",
"vendor": "nanopb",
"versions": [
{
"status": "affected",
"version": "\u003e=0.4.0, \u003c 0.4.9.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nanopb is a small code-size Protocol Buffers implementation. When the compile time option PB_ENABLE_MALLOC is enabled, the message contains at least one field with FT_POINTER field type, custom stream callback is used with unknown stream length. and the pb_decode_ex() function is used with flag PB_DECODE_DELIMITED, then the pb_decode_ex() function does not automatically call pb_release(), like is done for other failure cases. This could lead to memory leak and potential denial-of-service. This vulnerability is fixed in 0.4.9.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401: Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755: Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T15:54:47.478Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nanopb/nanopb/security/advisories/GHSA-xwqq-qxmw-hj5r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nanopb/nanopb/security/advisories/GHSA-xwqq-qxmw-hj5r"
},
{
"name": "https://github.com/nanopb/nanopb/commit/2b86c255aa52250438d5aba124d0e86db495b378",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nanopb/nanopb/commit/2b86c255aa52250438d5aba124d0e86db495b378"
}
],
"source": {
"advisory": "GHSA-xwqq-qxmw-hj5r",
"discovery": "UNKNOWN"
},
"title": "Nanopb does not release memory on error return when using PB_DECODE_DELIMITED"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-53984",
"datePublished": "2024-12-02T15:54:47.478Z",
"dateReserved": "2024-11-25T23:14:36.380Z",
"dateUpdated": "2024-12-02T21:40:02.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6594 (GCVE-0-2024-6594)
Vulnerability from cvelistv5 – Published: 2024-09-25 11:22 – Updated: 2024-09-25 14:30
VLAI
Title
WatchGuard Firebox Single Sign-On Client Denial-of-Service
Summary
Improper Handling of Exceptional Conditions vulnerability in the WatchGuard Single Sign-On Client on Windows causes the client to crash while handling malformed commands. An attacker with network access to the client could create a denial of service condition for the Single Sign-On service by repeatedly issuing malformed commands.
This issue affects Single Sign-On Client: through 12.7.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| WatchGuard | Single Sign-On Client |
Affected:
0 , ≤ 12.7
(semver)
|
|
| watchguard | single_sign-on_client |
Affected:
0 , ≤ 12.7
(semver)
cpe:2.3:a:watchguard:single_sign-on_client:*:*:*:*:*:windows:*:* |
Date Public
2024-09-17 05:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:watchguard:single_sign-on_client:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "single_sign-on_client",
"vendor": "watchguard",
"versions": [
{
"lessThanOrEqual": "12.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T13:44:40.431549Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T14:30:29.866Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Single Sign-On Client",
"vendor": "WatchGuard",
"versions": [
{
"lessThanOrEqual": "12.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-09-17T05:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eImproper Handling of Exceptional Conditions vulnerability in the WatchGuard Single Sign-On Client on Windows causes the client to crash while handling malformed commands. An attacker with network access to the client could create a denial of service condition for the Single Sign-On service by repeatedly issuing malformed commands.\u003cbr\u003e\u003c/div\u003e\u003cp\u003eThis issue affects Single Sign-On Client: through 12.7.\u003c/p\u003e"
}
],
"value": "Improper Handling of Exceptional Conditions vulnerability in the WatchGuard Single Sign-On Client on Windows causes the client to crash while handling malformed commands. An attacker with network access to the client could create a denial of service condition for the Single Sign-On service by repeatedly issuing malformed commands.\n\nThis issue affects Single Sign-On Client: through 12.7."
}
],
"impacts": [
{
"capecId": "CAPEC-227",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-227 Sustained Client Engagement"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T11:22:45.610Z",
"orgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3",
"shortName": "WatchGuard"
},
"references": [
{
"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00016"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WatchGuard Firebox Single Sign-On Client Denial-of-Service",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3",
"assignerShortName": "WatchGuard",
"cveId": "CVE-2024-6594",
"datePublished": "2024-09-25T11:22:45.610Z",
"dateReserved": "2024-07-09T02:09:05.229Z",
"dateUpdated": "2024-09-25T14:30:29.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8376 (GCVE-0-2024-8376)
Vulnerability from cvelistv5 – Published: 2024-10-11 15:18 – Updated: 2024-10-31 09:15
VLAI
Title
Memory leak
Summary
In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://gitlab.eclipse.org/security/vulnerability… | issue-tracking |
| https://gitlab.eclipse.org/security/vulnerability… | issue-tracking |
| https://gitlab.eclipse.org/security/vulnerability… | issue-tracking |
| https://gitlab.eclipse.org/security/vulnerability… | issue-tracking |
| https://gitlab.eclipse.org/security/cve-assigneme… | vendor-advisory |
| https://github.com/eclipse/mosquitto/releases/tag… | patch |
| https://mosquitto.org/ | product |
| https://github.com/eclipse-mosquitto/mosquitto/co… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Eclipse Foundation | Mosquitto |
Affected:
2.0.18
Unaffected: 2.0.19 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8376",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T15:25:39.508033Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T15:25:54.957Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "mosquitto",
"product": "Mosquitto",
"repo": "https://github.com/eclipse/mosquitto",
"vendor": "Eclipse Foundation",
"versions": [
{
"status": "affected",
"version": "2.0.18"
},
{
"status": "unaffected",
"version": "2.0.19"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Roman Kraus (Fraunhofer FOKUS)"
},
{
"lang": "en",
"type": "finder",
"value": "Steffen L\u00fcdtke (Fraunhofer FOKUS)"
},
{
"lang": "en",
"type": "finder",
"value": "Martin Schneider (Fraunhofer FOKUS)"
},
{
"lang": "en",
"type": "finder",
"value": "Ramon Barakat (Fraunhofer FOKUS)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of \"CONNECT\", \"DISCONNECT\", \"SUBSCRIBE\", \"UNSUBSCRIBE\" and \"PUBLISH\" packets.\u003cbr\u003e"
}
],
"value": "In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of \"CONNECT\", \"DISCONNECT\", \"SUBSCRIBE\", \"UNSUBSCRIBE\" and \"PUBLISH\" packets."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T09:15:30.149Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/216"
},
{
"tags": [
"issue-tracking"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/217"
},
{
"tags": [
"issue-tracking"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/218"
},
{
"tags": [
"issue-tracking"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/227"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/26"
},
{
"tags": [
"patch"
],
"url": "https://github.com/eclipse/mosquitto/releases/tag/v2.0.19"
},
{
"tags": [
"product"
],
"url": "https://mosquitto.org/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/eclipse-mosquitto/mosquitto/commit/1914b3ee2a18102d0a94cbdbbfeae1afa03edd17"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Memory leak",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-8376",
"datePublished": "2024-10-11T15:18:54.142Z",
"dateReserved": "2024-09-02T13:50:51.894Z",
"dateUpdated": "2024-10-31T09:15:30.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9413 (GCVE-0-2024-9413)
Vulnerability from cvelistv5 – Published: 2024-11-13 16:09 – Updated: 2024-11-27 15:35
VLAI
Summary
The transport_message_handler function in SCP-Firmware release versions 2.11.0-2.15.0 does not properly handle errors, potentially allowing an Application Processor (AP) to cause a buffer overflow in System Control Processor (SCP) firmware.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Arm | SCP-Firmware |
Affected:
2.11.0 , ≤ 2.15.0
(semver)
|
|
| arm | scp-firmware |
Affected:
2.11.0 , ≤ 2.15.0
(semver)
cpe:2.3:o:arm:scp-firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arm:scp-firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "scp-firmware",
"vendor": "arm",
"versions": [
{
"lessThanOrEqual": "2.15.0",
"status": "affected",
"version": "2.11.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-9413",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T15:31:53.988809Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T15:35:14.153Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SCP-Firmware",
"vendor": "Arm",
"versions": [
{
"lessThanOrEqual": "2.15.0",
"status": "affected",
"version": "2.11.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The transport_message_handler function in SCP-Firmware release versions 2.11.0-2.15.0 does not properly handle errors, potentially allowing an Application Processor (AP) to cause a buffer overflow in System Control Processor (SCP) firmware.\u003cbr\u003e"
}
],
"value": "The transport_message_handler function in SCP-Firmware release versions 2.11.0-2.15.0 does not properly handle errors, potentially allowing an Application Processor (AP) to cause a buffer overflow in System Control Processor (SCP) firmware."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T16:09:26.331Z",
"orgId": "56a131ea-b967-4a0d-a41e-5f3549952846",
"shortName": "Arm"
},
"references": [
{
"url": "https://developer.arm.com/Arm%20Security%20Center/SCP-Firmware%20Vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "56a131ea-b967-4a0d-a41e-5f3549952846",
"assignerShortName": "Arm",
"cveId": "CVE-2024-9413",
"datePublished": "2024-11-13T16:09:26.331Z",
"dateReserved": "2024-10-01T17:18:17.019Z",
"dateUpdated": "2024-11-27T15:35:14.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.