CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
CVE-2024-10829 (GCVE-0-2024-10829)
Vulnerability from cvelistv5 – Published: 2025-03-20 10:09 – Updated: 2025-10-15 12:50
VLAI
Title
Denial of Service (DoS) via Multipart Boundary in eosphoros-ai/db-gpt
Summary
A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of eosphoros-ai/db-gpt v0.6.0 allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries, leading to an infinite loop and complete denial of service for all users. This vulnerability affects all endpoints processing multipart/form-data requests.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-835 - Loop with Unreachable Exit Condition
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| eosphoros-ai | eosphoros-ai/db-gpt |
Affected:
unspecified , ≤ latest
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10829",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-20T17:52:51.599342Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T18:33:54.130Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "eosphoros-ai/db-gpt",
"vendor": "eosphoros-ai",
"versions": [
{
"lessThanOrEqual": "latest",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of eosphoros-ai/db-gpt v0.6.0 allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries, leading to an infinite loop and complete denial of service for all users. This vulnerability affects all endpoints processing multipart/form-data requests."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T12:50:11.331Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/e3a4a0ad-a2e0-497f-a2e0-e3c0ec7c4de4"
}
],
"source": {
"advisory": "e3a4a0ad-a2e0-497f-a2e0-e3c0ec7c4de4",
"discovery": "EXTERNAL"
},
"title": "Denial of Service (DoS) via Multipart Boundary in eosphoros-ai/db-gpt"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-10829",
"datePublished": "2025-03-20T10:09:50.524Z",
"dateReserved": "2024-11-04T22:30:12.383Z",
"dateUpdated": "2025-10-15T12:50:11.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10907 (GCVE-0-2024-10907)
Vulnerability from cvelistv5 – Published: 2025-03-20 10:10 – Updated: 2025-10-15 12:50
VLAI
Title
Denial of Service (DoS) via Multipart Boundary in lm-sys/fastchat
Summary
In lm-sys/fastchat Release v0.2.36, the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary. Each extra character is processed in an infinite loop, leading to excessive resource consumption and a complete denial of service (DoS) for all users. The vulnerability is unauthenticated, meaning no user login or interaction is required for an attacker to exploit this issue.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-835 - Loop with Unreachable Exit Condition
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| lm-sys | lm-sys/fastchat |
Affected:
unspecified , ≤ latest
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10907",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-20T17:52:00.670067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T18:24:20.815Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "lm-sys/fastchat",
"vendor": "lm-sys",
"versions": [
{
"lessThanOrEqual": "latest",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In lm-sys/fastchat Release v0.2.36, the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary. Each extra character is processed in an infinite loop, leading to excessive resource consumption and a complete denial of service (DoS) for all users. The vulnerability is unauthenticated, meaning no user login or interaction is required for an attacker to exploit this issue."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T12:50:14.123Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/bf3ca81d-3508-4455-95d9-0b653e46d6e4"
}
],
"source": {
"advisory": "bf3ca81d-3508-4455-95d9-0b653e46d6e4",
"discovery": "EXTERNAL"
},
"title": "Denial of Service (DoS) via Multipart Boundary in lm-sys/fastchat"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-10907",
"datePublished": "2025-03-20T10:10:13.852Z",
"dateReserved": "2024-11-05T22:25:53.642Z",
"dateUpdated": "2025-10-15T12:50:14.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11097 (GCVE-0-2024-11097)
Vulnerability from cvelistv5 – Published: 2024-11-12 02:00 – Updated: 2024-11-12 15:57
VLAI
Title
SourceCodester Student Record Management System Main Menu infinite loop
Summary
A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Main Menu. The manipulation leads to infinite loop. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.283918 | vdb-entry |
| https://vuldb.com/?ctiid.283918 | signaturepermissions-required |
| https://vuldb.com/?submit.441237 | third-party-advisory |
| https://github.com/Hacker0xone/CVE/issues/5 | exploitissue-tracking |
| https://www.sourcecodester.com/ | product |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SourceCodester | Student Record Management System |
Affected:
1.0
|
|
| sourcecodester | student_record_management_system |
Affected:
1.0
cpe:2.3:a:sourcecodester:student_record_management_system:1.0:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sourcecodester:student_record_management_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "student_record_management_system",
"vendor": "sourcecodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11097",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T15:55:23.721965Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T15:57:10.398Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Main Menu"
],
"product": "Student Record Management System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "polaris0x1 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Main Menu. The manipulation leads to infinite loop. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In SourceCodester Student Record Management System 1.0 wurde eine problematische Schwachstelle gefunden. Dabei geht es um eine nicht genauer bekannte Funktion der Komponente Main Menu. Durch Manipulieren mit unbekannten Daten kann eine infinite loop-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "Infinite Loop",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T02:00:13.839Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-283918 | SourceCodester Student Record Management System Main Menu infinite loop",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.283918"
},
{
"name": "VDB-283918 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.283918"
},
{
"name": "Submit #441237 | SourceCodester Student Record Management System in C++ with Source Code V1.0 Input Buffer Pollution Vulnerability",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.441237"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Hacker0xone/CVE/issues/5"
},
{
"tags": [
"product"
],
"url": "https://www.sourcecodester.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-11-11T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-11-11T21:28:31.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Student Record Management System Main Menu infinite loop"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-11097",
"datePublished": "2024-11-12T02:00:13.839Z",
"dateReserved": "2024-11-11T20:23:06.166Z",
"dateUpdated": "2024-11-12T15:57:10.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11595 (GCVE-0-2024-11595)
Vulnerability from cvelistv5 – Published: 2024-11-21 09:30 – Updated: 2026-03-27 13:56
VLAI
Title
Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
Summary
FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.wireshark.org/security/wnpa-sec-2024-… | |
| https://gitlab.com/wireshark/wireshark/-/issues/20176 | issue-trackingpermissions-required |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.4.0 , < 4.4.2
(semver)
Affected: 4.2.0 , < 4.2.9 (semver) |
|
| wireshark | wireshark |
Affected:
4.4.0 , < 4.4.2
(semver)
Affected: 4.2.0 , < 4.2.9 (semver) cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "wireshark",
"vendor": "wireshark",
"versions": [
{
"lessThan": "4.4.2",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThan": "4.2.9",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-22T15:14:41.363050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T15:16:02.829Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.4.2",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThan": "4.2.9",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:56:56.978Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2024-14.html"
},
{
"name": "GitLab Issue #20176",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20176"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.4.2, 4.2.9 or above."
}
],
"title": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2024-11595",
"datePublished": "2024-11-21T09:30:54.899Z",
"dateReserved": "2024-11-21T09:30:45.415Z",
"dateUpdated": "2026-03-27T13:56:56.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-11612 (GCVE-0-2024-11612)
Vulnerability from cvelistv5 – Published: 2024-11-22 20:22 – Updated: 2024-11-26 15:13
VLAI
Title
7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability
Summary
7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the processing of streams. The issue results from a logic error that can lead to an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-24307.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Date Public
2024-11-21 21:23
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11612",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T15:12:13.757081Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T15:13:29.515Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "7-Zip",
"vendor": "7-Zip",
"versions": [
{
"status": "affected",
"version": "24.06"
}
]
}
],
"dateAssigned": "2024-11-21T20:34:17.572Z",
"datePublic": "2024-11-21T21:23:18.351Z",
"descriptions": [
{
"lang": "en",
"value": "7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the processing of streams. The issue results from a logic error that can lead to an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-24307."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:22:10.629Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1606",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1606/"
}
],
"source": {
"lang": "en",
"value": "2ourc3"
},
"title": "7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11612",
"datePublished": "2024-11-22T20:22:10.629Z",
"dateReserved": "2024-11-21T20:34:17.530Z",
"dateUpdated": "2024-11-26T15:13:29.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11941 (GCVE-0-2024-11941)
Vulnerability from cvelistv5 – Published: 2024-12-05 14:39 – Updated: 2024-12-05 15:45
VLAI
Title
Drupal core - Moderately critical - Denial of Service - SA-CORE-2024-001
Summary
A vulnerability in Drupal Core allows Excessive Allocation.This issue affects Drupal Core: from 10.2.0 before 10.2.2, from 10.1.0 before 10.1.8.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Drupal | Drupal Core |
Affected:
10.2.0 , < 10.2.2
(semver)
Affected: 10.1.0 , < 10.1.8 (semver) |
|
| drupal | drupal_core |
Affected:
10.1.0 , < 10.1.8
(semver)
Affected: 10.2.0 , < 10.2.2 (semver) cpe:2.3:a:drupal:drupal_core:*:*:*:*:*:*:*:* |
Date Public
2024-01-18 00:55
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:drupal:drupal_core:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "drupal_core",
"vendor": "drupal",
"versions": [
{
"lessThan": "10.1.8",
"status": "affected",
"version": "10.1.0",
"versionType": "semver"
},
{
"lessThan": "10.2.2",
"status": "affected",
"version": "10.2.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-11941",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T15:42:55.345848Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T15:45:37.085Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.drupal.org/project/drupal",
"defaultStatus": "unaffected",
"product": "Drupal Core",
"repo": "https://git.drupalcode.org/project/drupal",
"vendor": "Drupal",
"versions": [
{
"lessThan": "10.2.2",
"status": "affected",
"version": "10.2.0",
"versionType": "semver"
},
{
"lessThan": "10.1.8",
"status": "affected",
"version": "10.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alexander Antonenko"
},
{
"lang": "en",
"type": "finder",
"value": "Doug Green"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Lee Rowlands"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Benji Fisher"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Juraj Nemec"
},
{
"lang": "en",
"type": "remediation developer",
"value": "xjm"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Lauri Eskola"
}
],
"datePublic": "2024-01-18T00:55:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in Drupal Core allows Excessive Allocation.\u003cp\u003eThis issue affects Drupal Core: from 10.2.0 before 10.2.2, from 10.1.0 before 10.1.8.\u003c/p\u003e"
}
],
"value": "A vulnerability in Drupal Core allows Excessive Allocation.This issue affects Drupal Core: from 10.2.0 before 10.2.2, from 10.1.0 before 10.1.8."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T14:42:54.935Z",
"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"shortName": "drupal"
},
"references": [
{
"url": "https://www.drupal.org/sa-core-2024-001"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Drupal core - Moderately critical - Denial of Service - SA-CORE-2024-001",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"assignerShortName": "drupal",
"cveId": "CVE-2024-11941",
"datePublished": "2024-12-05T14:39:37.975Z",
"dateReserved": "2024-11-27T23:11:59.375Z",
"dateUpdated": "2024-12-05T15:45:37.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12704 (GCVE-0-2024-12704)
Vulnerability from cvelistv5 – Published: 2025-03-20 10:09 – Updated: 2025-10-15 12:50
VLAI
Title
Denial of Service (DoS) in run-llama/llama_index
Summary
A vulnerability in the LangChainLLM class of the run-llama/llama_index repository, version v0.12.5, allows for a Denial of Service (DoS) attack. The stream_complete method executes the llm using a thread and retrieves the result via the get_response_gen method of the StreamingGeneratorCallbackHandler class. If the thread terminates abnormally before the _llm.predict is executed, there is no exception handling for this case, leading to an infinite loop in the get_response_gen function. This can be triggered by providing an input of an incorrect type, causing the thread to terminate and the process to continue running indefinitely.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-835 - Loop with Unreachable Exit Condition
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| run-llama | run-llama/llama_index |
Affected:
unspecified , < 0.12.6
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12704",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-20T17:54:16.910026Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T18:58:07.026Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "run-llama/llama_index",
"vendor": "run-llama",
"versions": [
{
"lessThan": "0.12.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the LangChainLLM class of the run-llama/llama_index repository, version v0.12.5, allows for a Denial of Service (DoS) attack. The stream_complete method executes the llm using a thread and retrieves the result via the get_response_gen method of the StreamingGeneratorCallbackHandler class. If the thread terminates abnormally before the _llm.predict is executed, there is no exception handling for this case, leading to an infinite loop in the get_response_gen function. This can be triggered by providing an input of an incorrect type, causing the thread to terminate and the process to continue running indefinitely."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T12:50:18.666Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/a0b638fd-21c6-4ba7-b381-6ab98472a02a"
},
{
"url": "https://github.com/run-llama/llama_index/commit/d1ecfb77578d089cbe66728f18f635c09aa32a05"
}
],
"source": {
"advisory": "a0b638fd-21c6-4ba7-b381-6ab98472a02a",
"discovery": "EXTERNAL"
},
"title": "Denial of Service (DoS) in run-llama/llama_index"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-12704",
"datePublished": "2025-03-20T10:09:06.689Z",
"dateReserved": "2024-12-17T10:58:19.646Z",
"dateUpdated": "2025-10-15T12:50:18.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1931 (GCVE-0-2024-1931)
Vulnerability from cvelistv5 – Published: 2024-03-07 09:17 – Updated: 2025-02-13 17:32
VLAI
Title
Denial of service when trimming EDE text on positive replies
Summary
NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client's advertised buffer size. Before removing all the EDE records however, it would try to see if trimming the extra text fields on those records would result in an acceptable size while still retaining the EDE codes. Due to an unchecked condition, the code that trims the text of the EDE records could loop indefinitely. This happens when Unbound would reply with attached EDE information on a positive reply and the client's buffer size is smaller than the needed space to include EDE records. The vulnerability can only be triggered when the 'ede: yes' option is used; non default configuration. From version 1.19.2 on, the code is fixed to avoid looping indefinitely.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| NLnet Labs | Unbound |
Affected:
1.18.0 , < 1.19.2
(semver)
|
|
| nlnetlabs | unbound |
Affected:
1.18.0 , < 1.19.2
(custom)
cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:* |
Date Public
2024-03-07 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:56:22.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-1931.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4VCBRQ7KMSIGBQ6A4SBL5PF326DIJIIV/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B2JUIFPA7H75Q2W3VXW2TUNHK6NVGOX4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBR4H7RCVMJ6H76S4LLRSY5EBFTYWGXK/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.freebsd.org/archives/freebsd-security/2024-July/000283.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240705-0006/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unbound",
"vendor": "nlnetlabs",
"versions": [
{
"lessThan": "1.19.2",
"status": "affected",
"version": "1.18.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1931",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-07T18:41:49.748390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T20:43:00.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Unbound",
"vendor": "NLnet Labs",
"versions": [
{
"lessThan": "1.19.2",
"status": "affected",
"version": "1.18.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fredrik Pettai, SUNET"
},
{
"lang": "en",
"type": "finder",
"value": "Patrik Lundin, SUNET"
}
],
"datePublic": "2024-03-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client\u0027s advertised buffer size. Before removing all the EDE records however, it would try to see if trimming the extra text fields on those records would result in an acceptable size while still retaining the EDE codes. Due to an unchecked condition, the code that trims the text of the EDE records could loop indefinitely. This happens when Unbound would reply with attached EDE information on a positive reply and the client\u0027s buffer size is smaller than the needed space to include EDE records. The vulnerability can only be triggered when the \u0027ede: yes\u0027 option is used; non default configuration. From version 1.19.2 on, the code is fixed to avoid looping indefinitely."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "\u0027ede: yes\u0027 option set"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T16:05:59.717Z",
"orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
"shortName": "NLnet Labs"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-1931.txt"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4VCBRQ7KMSIGBQ6A4SBL5PF326DIJIIV/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B2JUIFPA7H75Q2W3VXW2TUNHK6NVGOX4/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBR4H7RCVMJ6H76S4LLRSY5EBFTYWGXK/"
},
{
"url": "https://lists.freebsd.org/archives/freebsd-security/2024-July/000283.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240705-0006/"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in 1.19.2 and all later versions. For the vulnerable versions 1.18.0 up to and including 1.19.1, the option \u0027ede: no\u0027 (default configuration) is also a solution as it does not exercise the vulnerable code path."
}
],
"timeline": [
{
"lang": "en",
"time": "2024-02-17T00:00:00.000Z",
"value": "Issue reported by SUNET"
},
{
"lang": "en",
"time": "2024-02-19T00:00:00.000Z",
"value": "Issue acknowledged by NLnet Labs"
},
{
"lang": "en",
"time": "2021-09-22T00:00:00.000Z",
"value": "Mitigation shared with SUNET"
},
{
"lang": "en",
"time": "2024-03-07T00:00:00.000Z",
"value": "Fixes released with Unbound 1.19.2"
}
],
"title": "Denial of service when trimming EDE text on positive replies"
}
},
"cveMetadata": {
"assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
"assignerShortName": "NLnet Labs",
"cveId": "CVE-2024-1931",
"datePublished": "2024-03-07T09:17:13.072Z",
"dateReserved": "2024-02-27T13:43:18.777Z",
"dateUpdated": "2025-02-13T17:32:27.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20353 (GCVE-0-2024-20353)
Vulnerability from cvelistv5 – Published: 2024-04-24 18:15 – Updated: 2025-10-21 23:05
VLAI
Summary
A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.
This vulnerability is due to incomplete error checking when parsing an HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted web server on a device. A successful exploit could allow the attacker to cause a DoS condition when the device reloads.
Severity
8.6 (High)
SSVC
Exploitation: active
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://sec.cloudapps.cisco.com/security/center/c… | |
| https://blog.talosintelligence.com/arcanedoor-new… | exploit |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
20 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Adaptive Security Appliance (ASA) Software |
Affected:
9.8.1
Affected: 9.8.1.5 Affected: 9.8.1.7 Affected: 9.8.2 Affected: 9.8.2.8 Affected: 9.8.2.14 Affected: 9.8.2.15 Affected: 9.8.2.17 Affected: 9.8.2.20 Affected: 9.8.2.24 Affected: 9.8.2.26 Affected: 9.8.2.28 Affected: 9.8.2.33 Affected: 9.8.2.35 Affected: 9.8.2.38 Affected: 9.8.3.8 Affected: 9.8.3.11 Affected: 9.8.3.14 Affected: 9.8.3.16 Affected: 9.8.3.18 Affected: 9.8.3.21 Affected: 9.8.3 Affected: 9.8.3.26 Affected: 9.8.3.29 Affected: 9.8.4 Affected: 9.8.4.3 Affected: 9.8.4.7 Affected: 9.8.4.8 Affected: 9.8.4.10 Affected: 9.8.4.12 Affected: 9.8.4.15 Affected: 9.8.4.17 Affected: 9.8.4.25 Affected: 9.8.4.20 Affected: 9.8.4.22 Affected: 9.8.4.26 Affected: 9.8.4.29 Affected: 9.8.4.32 Affected: 9.8.4.33 Affected: 9.8.4.34 Affected: 9.8.4.35 Affected: 9.8.4.39 Affected: 9.8.4.40 Affected: 9.8.4.41 Affected: 9.8.4.43 Affected: 9.8.4.44 Affected: 9.8.4.45 Affected: 9.8.4.46 Affected: 9.8.4.48 Affected: 9.12.1 Affected: 9.12.1.2 Affected: 9.12.1.3 Affected: 9.12.2 Affected: 9.12.2.4 Affected: 9.12.2.5 Affected: 9.12.2.9 Affected: 9.12.3 Affected: 9.12.3.2 Affected: 9.12.3.7 Affected: 9.12.4 Affected: 9.12.3.12 Affected: 9.12.3.9 Affected: 9.12.2.1 Affected: 9.12.4.2 Affected: 9.12.4.4 Affected: 9.12.4.7 Affected: 9.12.4.10 Affected: 9.12.4.13 Affected: 9.12.4.8 Affected: 9.12.4.18 Affected: 9.12.4.24 Affected: 9.12.4.26 Affected: 9.12.4.29 Affected: 9.12.4.30 Affected: 9.12.4.35 Affected: 9.12.4.37 Affected: 9.12.4.38 Affected: 9.12.4.39 Affected: 9.12.4.40 Affected: 9.12.4.41 Affected: 9.12.4.47 Affected: 9.12.4.48 Affected: 9.12.4.50 Affected: 9.12.4.52 Affected: 9.12.4.54 Affected: 9.12.4.55 Affected: 9.12.4.56 Affected: 9.12.4.58 Affected: 9.12.4.62 Affected: 9.12.4.65 Affected: 9.14.1 Affected: 9.14.1.10 Affected: 9.14.1.6 Affected: 9.14.1.15 Affected: 9.14.1.19 Affected: 9.14.1.30 Affected: 9.14.2 Affected: 9.14.2.4 Affected: 9.14.2.8 Affected: 9.14.2.13 Affected: 9.14.2.15 Affected: 9.14.3 Affected: 9.14.3.1 Affected: 9.14.3.9 Affected: 9.14.3.11 Affected: 9.14.3.13 Affected: 9.14.3.18 Affected: 9.14.3.15 Affected: 9.14.4 Affected: 9.14.4.6 Affected: 9.14.4.7 Affected: 9.14.4.12 Affected: 9.14.4.13 Affected: 9.14.4.14 Affected: 9.14.4.15 Affected: 9.14.4.17 Affected: 9.14.4.22 Affected: 9.14.4.23 Affected: 9.15.1 Affected: 9.15.1.7 Affected: 9.15.1.10 Affected: 9.15.1.15 Affected: 9.15.1.16 Affected: 9.15.1.17 Affected: 9.15.1.1 Affected: 9.15.1.21 Affected: 9.16.1 Affected: 9.16.1.28 Affected: 9.16.2 Affected: 9.16.2.3 Affected: 9.16.2.7 Affected: 9.16.2.11 Affected: 9.16.2.13 Affected: 9.16.2.14 Affected: 9.16.3 Affected: 9.16.3.3 Affected: 9.16.3.14 Affected: 9.16.3.15 Affected: 9.16.3.19 Affected: 9.16.3.23 Affected: 9.16.4 Affected: 9.16.4.9 Affected: 9.16.4.14 Affected: 9.16.4.18 Affected: 9.16.4.19 Affected: 9.16.4.27 Affected: 9.16.4.38 Affected: 9.16.4.39 Affected: 9.16.4.42 Affected: 9.16.4.48 Affected: 9.16.4.55 Affected: 9.17.1 Affected: 9.17.1.7 Affected: 9.17.1.9 Affected: 9.17.1.10 Affected: 9.17.1.11 Affected: 9.17.1.13 Affected: 9.17.1.15 Affected: 9.17.1.20 Affected: 9.17.1.30 Affected: 9.17.1.33 Affected: 9.18.1 Affected: 9.18.1.3 Affected: 9.18.2 Affected: 9.18.2.5 Affected: 9.18.2.7 Affected: 9.18.2.8 Affected: 9.18.3 Affected: 9.18.3.39 Affected: 9.18.3.46 Affected: 9.18.3.53 Affected: 9.18.3.55 Affected: 9.18.3.56 Affected: 9.18.4 Affected: 9.18.4.5 Affected: 9.18.4.8 Affected: 9.19.1 Affected: 9.19.1.5 Affected: 9.19.1.9 Affected: 9.19.1.12 Affected: 9.19.1.18 Affected: 9.19.1.22 Affected: 9.19.1.24 Affected: 9.19.1.27 Affected: 9.20.1 Affected: 9.20.1.5 Affected: 9.20.2 |
|
| Cisco | Cisco Firepower Threat Defense Software |
Affected:
6.2.3
Affected: 6.2.3.1 Affected: 6.2.3.2 Affected: 6.2.3.3 Affected: 6.2.3.4 Affected: 6.2.3.5 Affected: 6.2.3.6 Affected: 6.2.3.7 Affected: 6.2.3.8 Affected: 6.2.3.10 Affected: 6.2.3.11 Affected: 6.2.3.9 Affected: 6.2.3.12 Affected: 6.2.3.13 Affected: 6.2.3.14 Affected: 6.2.3.15 Affected: 6.2.3.16 Affected: 6.2.3.17 Affected: 6.2.3.18 Affected: 6.6.0 Affected: 6.6.0.1 Affected: 6.6.1 Affected: 6.6.3 Affected: 6.6.4 Affected: 6.6.5 Affected: 6.6.5.1 Affected: 6.6.5.2 Affected: 6.6.7 Affected: 6.6.7.1 Affected: 6.4.0 Affected: 6.4.0.1 Affected: 6.4.0.3 Affected: 6.4.0.2 Affected: 6.4.0.4 Affected: 6.4.0.5 Affected: 6.4.0.6 Affected: 6.4.0.7 Affected: 6.4.0.8 Affected: 6.4.0.9 Affected: 6.4.0.10 Affected: 6.4.0.11 Affected: 6.4.0.12 Affected: 6.4.0.13 Affected: 6.4.0.14 Affected: 6.4.0.15 Affected: 6.4.0.16 Affected: 6.4.0.17 Affected: 6.7.0 Affected: 6.7.0.1 Affected: 6.7.0.2 Affected: 6.7.0.3 Affected: 7.0.0 Affected: 7.0.0.1 Affected: 7.0.1 Affected: 7.0.1.1 Affected: 7.0.2 Affected: 7.0.2.1 Affected: 7.0.3 Affected: 7.0.4 Affected: 7.0.5 Affected: 7.0.6 Affected: 7.0.6.1 Affected: 7.1.0 Affected: 7.1.0.1 Affected: 7.1.0.2 Affected: 7.1.0.3 Affected: 7.2.0 Affected: 7.2.0.1 Affected: 7.2.1 Affected: 7.2.2 Affected: 7.2.3 Affected: 7.2.4 Affected: 7.2.4.1 Affected: 7.2.5 Affected: 7.2.5.1 Affected: 7.3.0 Affected: 7.3.1 Affected: 7.3.1.1 Affected: 7.4.0 Affected: 7.4.1 |
|
| cisco | asa |
Affected:
9.8.1 , ≤ 9.8.4.48
(custom)
cpe:2.3:a:cisco:asa:9.8.1:*:*:*:*:*:*:* |
|
| cisco | asa |
Affected:
9.12.1 , ≤ 9.12.4.65
(custom)
cpe:2.3:a:cisco:asa:9.12.1:*:*:*:*:*:*:* |
|
| cisco | asa |
Affected:
9.14.1 , < 9.14.4.23
(custom)
cpe:2.3:a:cisco:asa:9.14.1:*:*:*:*:*:*:* |
|
| cisco | asa |
Affected:
9.15.1 , ≤ 9.15.1.21
(custom)
cpe:2.3:a:cisco:asa:9.15.1:*:*:*:*:*:*:* |
|
| cisco | asa |
Affected:
9.16.1 , ≤ 9.16.4.55
(custom)
cpe:2.3:a:cisco:asa:9.16.1:*:*:*:*:*:*:* |
|
| cisco | asa |
Affected:
9.17.1 , ≤ 9.17.1.33
(custom)
cpe:2.3:a:cisco:asa:9.17.1:*:*:*:*:*:*:* |
|
| cisco | asa |
Affected:
9.18.1 , ≤ 9.18.4.8
(custom)
cpe:2.3:a:cisco:asa:9.18.1:*:*:*:*:*:*:* |
|
| cisco | asa |
Affected:
9.19.1 , ≤ 9.19.1.27
(custom)
cpe:2.3:a:cisco:asa:9.19.1:*:*:*:*:*:*:* |
|
| cisco | asa |
Affected:
9.20.1 , ≤ 9.20.2
(custom)
cpe:2.3:a:cisco:asa:9.20.1:*:*:*:*:*:*:* |
|
| cisco | firepower_threat_defense_software |
Affected:
6.2.3 , ≤ 6.2.3.18
(custom)
cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3:*:*:*:*:*:*:* |
|
| cisco | firepower_threat_defense_software |
Affected:
6.6.0 , ≤ 6.6.7.1
(custom)
cpe:2.3:a:cisco:firepower_threat_defense_software:6.6.0:*:*:*:*:*:*:* |
|
| cisco | firepower_threat_defense_software |
Affected:
6.4.0 , ≤ 6.4.0.17
(custom)
cpe:2.3:a:cisco:firepower_threat_defense_software:6.4.0:*:*:*:*:*:*:* |
|
| cisco | firepower_threat_defense_software |
Affected:
6.7.0 , ≤ 6.7.0.3
(custom)
cpe:2.3:a:cisco:firepower_threat_defense_software:6.7.0:*:*:*:*:*:*:* |
|
| cisco | firepower_threat_defense_software |
Affected:
7.0.0 , ≤ 7.0.6
(custom)
cpe:2.3:a:cisco:firepower_threat_defense_software:7.0.0:*:*:*:*:*:*:* |
|
| cisco | firepower_threat_defense_software |
Affected:
7.1.0 , ≤ 7.1.0.3
(custom)
cpe:2.3:a:cisco:firepower_threat_defense_software:7.1.0:*:*:*:*:*:*:* |
|
| cisco | firepower_threat_defense_software |
Affected:
7.2.0 , ≤ 7.2.4.1
(custom)
cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.0:*:*:*:*:*:*:* |
|
| cisco | firepower_threat_defense_software |
Affected:
7.3.0 , ≤ 7.3.1.1
(custom)
cpe:2.3:a:cisco:firepower_threat_defense_software:7.3.0:*:*:*:*:*:*:* |
|
| cisco | firepower_threat_defense_software |
Affected:
7.4.0 , ≤ 7.4.1
(custom)
cpe:2.3:a:cisco:firepower_threat_defense_software:7.4.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:asa:9.8.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "asa",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "9.8.4.48",
"status": "affected",
"version": "9.8.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:asa:9.12.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "asa",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "9.12.4.65",
"status": "affected",
"version": "9.12.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:asa:9.14.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "asa",
"vendor": "cisco",
"versions": [
{
"lessThan": "9.14.4.23",
"status": "affected",
"version": "9.14.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:asa:9.15.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "asa",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "9.15.1.21",
"status": "affected",
"version": "9.15.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:asa:9.16.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "asa",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "9.16.4.55",
"status": "affected",
"version": "9.16.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:asa:9.17.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "asa",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "9.17.1.33",
"status": "affected",
"version": "9.17.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:asa:9.18.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "asa",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "9.18.4.8",
"status": "affected",
"version": "9.18.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:asa:9.19.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "asa",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "9.19.1.27",
"status": "affected",
"version": "9.19.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:asa:9.20.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "asa",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "9.20.2",
"status": "affected",
"version": "9.20.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firepower_threat_defense_software",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "6.2.3.18",
"status": "affected",
"version": "6.2.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:firepower_threat_defense_software:6.6.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firepower_threat_defense_software",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "6.6.7.1",
"status": "affected",
"version": "6.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:firepower_threat_defense_software:6.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firepower_threat_defense_software",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "6.4.0.17",
"status": "affected",
"version": "6.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:firepower_threat_defense_software:6.7.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firepower_threat_defense_software",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "6.7.0.3",
"status": "affected",
"version": "6.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:firepower_threat_defense_software:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firepower_threat_defense_software",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:firepower_threat_defense_software:7.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firepower_threat_defense_software",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "7.1.0.3",
"status": "affected",
"version": "7.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firepower_threat_defense_software",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "7.2.4.1",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:firepower_threat_defense_software:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firepower_threat_defense_software",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "7.3.1.1",
"status": "affected",
"version": "7.3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:firepower_threat_defense_software:7.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firepower_threat_defense_software",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "7.4.1",
"status": "affected",
"version": "7.4.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20353",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-29T20:02:41.285934Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-04-24",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-20353"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:20.706Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-20353"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-24T00:00:00.000Z",
"value": "CVE-2024-20353 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:41.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-asaftd-websrvs-dos-X8gNucD2",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Adaptive Security Appliance (ASA) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "9.8.1"
},
{
"status": "affected",
"version": "9.8.1.5"
},
{
"status": "affected",
"version": "9.8.1.7"
},
{
"status": "affected",
"version": "9.8.2"
},
{
"status": "affected",
"version": "9.8.2.8"
},
{
"status": "affected",
"version": "9.8.2.14"
},
{
"status": "affected",
"version": "9.8.2.15"
},
{
"status": "affected",
"version": "9.8.2.17"
},
{
"status": "affected",
"version": "9.8.2.20"
},
{
"status": "affected",
"version": "9.8.2.24"
},
{
"status": "affected",
"version": "9.8.2.26"
},
{
"status": "affected",
"version": "9.8.2.28"
},
{
"status": "affected",
"version": "9.8.2.33"
},
{
"status": "affected",
"version": "9.8.2.35"
},
{
"status": "affected",
"version": "9.8.2.38"
},
{
"status": "affected",
"version": "9.8.3.8"
},
{
"status": "affected",
"version": "9.8.3.11"
},
{
"status": "affected",
"version": "9.8.3.14"
},
{
"status": "affected",
"version": "9.8.3.16"
},
{
"status": "affected",
"version": "9.8.3.18"
},
{
"status": "affected",
"version": "9.8.3.21"
},
{
"status": "affected",
"version": "9.8.3"
},
{
"status": "affected",
"version": "9.8.3.26"
},
{
"status": "affected",
"version": "9.8.3.29"
},
{
"status": "affected",
"version": "9.8.4"
},
{
"status": "affected",
"version": "9.8.4.3"
},
{
"status": "affected",
"version": "9.8.4.7"
},
{
"status": "affected",
"version": "9.8.4.8"
},
{
"status": "affected",
"version": "9.8.4.10"
},
{
"status": "affected",
"version": "9.8.4.12"
},
{
"status": "affected",
"version": "9.8.4.15"
},
{
"status": "affected",
"version": "9.8.4.17"
},
{
"status": "affected",
"version": "9.8.4.25"
},
{
"status": "affected",
"version": "9.8.4.20"
},
{
"status": "affected",
"version": "9.8.4.22"
},
{
"status": "affected",
"version": "9.8.4.26"
},
{
"status": "affected",
"version": "9.8.4.29"
},
{
"status": "affected",
"version": "9.8.4.32"
},
{
"status": "affected",
"version": "9.8.4.33"
},
{
"status": "affected",
"version": "9.8.4.34"
},
{
"status": "affected",
"version": "9.8.4.35"
},
{
"status": "affected",
"version": "9.8.4.39"
},
{
"status": "affected",
"version": "9.8.4.40"
},
{
"status": "affected",
"version": "9.8.4.41"
},
{
"status": "affected",
"version": "9.8.4.43"
},
{
"status": "affected",
"version": "9.8.4.44"
},
{
"status": "affected",
"version": "9.8.4.45"
},
{
"status": "affected",
"version": "9.8.4.46"
},
{
"status": "affected",
"version": "9.8.4.48"
},
{
"status": "affected",
"version": "9.12.1"
},
{
"status": "affected",
"version": "9.12.1.2"
},
{
"status": "affected",
"version": "9.12.1.3"
},
{
"status": "affected",
"version": "9.12.2"
},
{
"status": "affected",
"version": "9.12.2.4"
},
{
"status": "affected",
"version": "9.12.2.5"
},
{
"status": "affected",
"version": "9.12.2.9"
},
{
"status": "affected",
"version": "9.12.3"
},
{
"status": "affected",
"version": "9.12.3.2"
},
{
"status": "affected",
"version": "9.12.3.7"
},
{
"status": "affected",
"version": "9.12.4"
},
{
"status": "affected",
"version": "9.12.3.12"
},
{
"status": "affected",
"version": "9.12.3.9"
},
{
"status": "affected",
"version": "9.12.2.1"
},
{
"status": "affected",
"version": "9.12.4.2"
},
{
"status": "affected",
"version": "9.12.4.4"
},
{
"status": "affected",
"version": "9.12.4.7"
},
{
"status": "affected",
"version": "9.12.4.10"
},
{
"status": "affected",
"version": "9.12.4.13"
},
{
"status": "affected",
"version": "9.12.4.8"
},
{
"status": "affected",
"version": "9.12.4.18"
},
{
"status": "affected",
"version": "9.12.4.24"
},
{
"status": "affected",
"version": "9.12.4.26"
},
{
"status": "affected",
"version": "9.12.4.29"
},
{
"status": "affected",
"version": "9.12.4.30"
},
{
"status": "affected",
"version": "9.12.4.35"
},
{
"status": "affected",
"version": "9.12.4.37"
},
{
"status": "affected",
"version": "9.12.4.38"
},
{
"status": "affected",
"version": "9.12.4.39"
},
{
"status": "affected",
"version": "9.12.4.40"
},
{
"status": "affected",
"version": "9.12.4.41"
},
{
"status": "affected",
"version": "9.12.4.47"
},
{
"status": "affected",
"version": "9.12.4.48"
},
{
"status": "affected",
"version": "9.12.4.50"
},
{
"status": "affected",
"version": "9.12.4.52"
},
{
"status": "affected",
"version": "9.12.4.54"
},
{
"status": "affected",
"version": "9.12.4.55"
},
{
"status": "affected",
"version": "9.12.4.56"
},
{
"status": "affected",
"version": "9.12.4.58"
},
{
"status": "affected",
"version": "9.12.4.62"
},
{
"status": "affected",
"version": "9.12.4.65"
},
{
"status": "affected",
"version": "9.14.1"
},
{
"status": "affected",
"version": "9.14.1.10"
},
{
"status": "affected",
"version": "9.14.1.6"
},
{
"status": "affected",
"version": "9.14.1.15"
},
{
"status": "affected",
"version": "9.14.1.19"
},
{
"status": "affected",
"version": "9.14.1.30"
},
{
"status": "affected",
"version": "9.14.2"
},
{
"status": "affected",
"version": "9.14.2.4"
},
{
"status": "affected",
"version": "9.14.2.8"
},
{
"status": "affected",
"version": "9.14.2.13"
},
{
"status": "affected",
"version": "9.14.2.15"
},
{
"status": "affected",
"version": "9.14.3"
},
{
"status": "affected",
"version": "9.14.3.1"
},
{
"status": "affected",
"version": "9.14.3.9"
},
{
"status": "affected",
"version": "9.14.3.11"
},
{
"status": "affected",
"version": "9.14.3.13"
},
{
"status": "affected",
"version": "9.14.3.18"
},
{
"status": "affected",
"version": "9.14.3.15"
},
{
"status": "affected",
"version": "9.14.4"
},
{
"status": "affected",
"version": "9.14.4.6"
},
{
"status": "affected",
"version": "9.14.4.7"
},
{
"status": "affected",
"version": "9.14.4.12"
},
{
"status": "affected",
"version": "9.14.4.13"
},
{
"status": "affected",
"version": "9.14.4.14"
},
{
"status": "affected",
"version": "9.14.4.15"
},
{
"status": "affected",
"version": "9.14.4.17"
},
{
"status": "affected",
"version": "9.14.4.22"
},
{
"status": "affected",
"version": "9.14.4.23"
},
{
"status": "affected",
"version": "9.15.1"
},
{
"status": "affected",
"version": "9.15.1.7"
},
{
"status": "affected",
"version": "9.15.1.10"
},
{
"status": "affected",
"version": "9.15.1.15"
},
{
"status": "affected",
"version": "9.15.1.16"
},
{
"status": "affected",
"version": "9.15.1.17"
},
{
"status": "affected",
"version": "9.15.1.1"
},
{
"status": "affected",
"version": "9.15.1.21"
},
{
"status": "affected",
"version": "9.16.1"
},
{
"status": "affected",
"version": "9.16.1.28"
},
{
"status": "affected",
"version": "9.16.2"
},
{
"status": "affected",
"version": "9.16.2.3"
},
{
"status": "affected",
"version": "9.16.2.7"
},
{
"status": "affected",
"version": "9.16.2.11"
},
{
"status": "affected",
"version": "9.16.2.13"
},
{
"status": "affected",
"version": "9.16.2.14"
},
{
"status": "affected",
"version": "9.16.3"
},
{
"status": "affected",
"version": "9.16.3.3"
},
{
"status": "affected",
"version": "9.16.3.14"
},
{
"status": "affected",
"version": "9.16.3.15"
},
{
"status": "affected",
"version": "9.16.3.19"
},
{
"status": "affected",
"version": "9.16.3.23"
},
{
"status": "affected",
"version": "9.16.4"
},
{
"status": "affected",
"version": "9.16.4.9"
},
{
"status": "affected",
"version": "9.16.4.14"
},
{
"status": "affected",
"version": "9.16.4.18"
},
{
"status": "affected",
"version": "9.16.4.19"
},
{
"status": "affected",
"version": "9.16.4.27"
},
{
"status": "affected",
"version": "9.16.4.38"
},
{
"status": "affected",
"version": "9.16.4.39"
},
{
"status": "affected",
"version": "9.16.4.42"
},
{
"status": "affected",
"version": "9.16.4.48"
},
{
"status": "affected",
"version": "9.16.4.55"
},
{
"status": "affected",
"version": "9.17.1"
},
{
"status": "affected",
"version": "9.17.1.7"
},
{
"status": "affected",
"version": "9.17.1.9"
},
{
"status": "affected",
"version": "9.17.1.10"
},
{
"status": "affected",
"version": "9.17.1.11"
},
{
"status": "affected",
"version": "9.17.1.13"
},
{
"status": "affected",
"version": "9.17.1.15"
},
{
"status": "affected",
"version": "9.17.1.20"
},
{
"status": "affected",
"version": "9.17.1.30"
},
{
"status": "affected",
"version": "9.17.1.33"
},
{
"status": "affected",
"version": "9.18.1"
},
{
"status": "affected",
"version": "9.18.1.3"
},
{
"status": "affected",
"version": "9.18.2"
},
{
"status": "affected",
"version": "9.18.2.5"
},
{
"status": "affected",
"version": "9.18.2.7"
},
{
"status": "affected",
"version": "9.18.2.8"
},
{
"status": "affected",
"version": "9.18.3"
},
{
"status": "affected",
"version": "9.18.3.39"
},
{
"status": "affected",
"version": "9.18.3.46"
},
{
"status": "affected",
"version": "9.18.3.53"
},
{
"status": "affected",
"version": "9.18.3.55"
},
{
"status": "affected",
"version": "9.18.3.56"
},
{
"status": "affected",
"version": "9.18.4"
},
{
"status": "affected",
"version": "9.18.4.5"
},
{
"status": "affected",
"version": "9.18.4.8"
},
{
"status": "affected",
"version": "9.19.1"
},
{
"status": "affected",
"version": "9.19.1.5"
},
{
"status": "affected",
"version": "9.19.1.9"
},
{
"status": "affected",
"version": "9.19.1.12"
},
{
"status": "affected",
"version": "9.19.1.18"
},
{
"status": "affected",
"version": "9.19.1.22"
},
{
"status": "affected",
"version": "9.19.1.24"
},
{
"status": "affected",
"version": "9.19.1.27"
},
{
"status": "affected",
"version": "9.20.1"
},
{
"status": "affected",
"version": "9.20.1.5"
},
{
"status": "affected",
"version": "9.20.2"
}
]
},
{
"product": "Cisco Firepower Threat Defense Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.2.3.1"
},
{
"status": "affected",
"version": "6.2.3.2"
},
{
"status": "affected",
"version": "6.2.3.3"
},
{
"status": "affected",
"version": "6.2.3.4"
},
{
"status": "affected",
"version": "6.2.3.5"
},
{
"status": "affected",
"version": "6.2.3.6"
},
{
"status": "affected",
"version": "6.2.3.7"
},
{
"status": "affected",
"version": "6.2.3.8"
},
{
"status": "affected",
"version": "6.2.3.10"
},
{
"status": "affected",
"version": "6.2.3.11"
},
{
"status": "affected",
"version": "6.2.3.9"
},
{
"status": "affected",
"version": "6.2.3.12"
},
{
"status": "affected",
"version": "6.2.3.13"
},
{
"status": "affected",
"version": "6.2.3.14"
},
{
"status": "affected",
"version": "6.2.3.15"
},
{
"status": "affected",
"version": "6.2.3.16"
},
{
"status": "affected",
"version": "6.2.3.17"
},
{
"status": "affected",
"version": "6.2.3.18"
},
{
"status": "affected",
"version": "6.6.0"
},
{
"status": "affected",
"version": "6.6.0.1"
},
{
"status": "affected",
"version": "6.6.1"
},
{
"status": "affected",
"version": "6.6.3"
},
{
"status": "affected",
"version": "6.6.4"
},
{
"status": "affected",
"version": "6.6.5"
},
{
"status": "affected",
"version": "6.6.5.1"
},
{
"status": "affected",
"version": "6.6.5.2"
},
{
"status": "affected",
"version": "6.6.7"
},
{
"status": "affected",
"version": "6.6.7.1"
},
{
"status": "affected",
"version": "6.4.0"
},
{
"status": "affected",
"version": "6.4.0.1"
},
{
"status": "affected",
"version": "6.4.0.3"
},
{
"status": "affected",
"version": "6.4.0.2"
},
{
"status": "affected",
"version": "6.4.0.4"
},
{
"status": "affected",
"version": "6.4.0.5"
},
{
"status": "affected",
"version": "6.4.0.6"
},
{
"status": "affected",
"version": "6.4.0.7"
},
{
"status": "affected",
"version": "6.4.0.8"
},
{
"status": "affected",
"version": "6.4.0.9"
},
{
"status": "affected",
"version": "6.4.0.10"
},
{
"status": "affected",
"version": "6.4.0.11"
},
{
"status": "affected",
"version": "6.4.0.12"
},
{
"status": "affected",
"version": "6.4.0.13"
},
{
"status": "affected",
"version": "6.4.0.14"
},
{
"status": "affected",
"version": "6.4.0.15"
},
{
"status": "affected",
"version": "6.4.0.16"
},
{
"status": "affected",
"version": "6.4.0.17"
},
{
"status": "affected",
"version": "6.7.0"
},
{
"status": "affected",
"version": "6.7.0.1"
},
{
"status": "affected",
"version": "6.7.0.2"
},
{
"status": "affected",
"version": "6.7.0.3"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.0.0.1"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.1.1"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.0.2.1"
},
{
"status": "affected",
"version": "7.0.3"
},
{
"status": "affected",
"version": "7.0.4"
},
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "7.0.6"
},
{
"status": "affected",
"version": "7.0.6.1"
},
{
"status": "affected",
"version": "7.1.0"
},
{
"status": "affected",
"version": "7.1.0.1"
},
{
"status": "affected",
"version": "7.1.0.2"
},
{
"status": "affected",
"version": "7.1.0.3"
},
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.0.1"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "7.2.4"
},
{
"status": "affected",
"version": "7.2.4.1"
},
{
"status": "affected",
"version": "7.2.5"
},
{
"status": "affected",
"version": "7.2.5.1"
},
{
"status": "affected",
"version": "7.3.0"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.3.1.1"
},
{
"status": "affected",
"version": "7.4.0"
},
{
"status": "affected",
"version": "7.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.\r\n\r This vulnerability is due to incomplete error checking when parsing an HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted web server on a device. A successful exploit could allow the attacker to cause a DoS condition when the device reloads."
}
],
"exploits": [
{
"lang": "en",
"value": "Cisco has confirmed that this vulnerability has been exploited. Cisco strongly recommends that customers upgrade to fixed software to resolve this vulnerability. Customers are also strongly encouraged to monitor system logs for indicators of undocumented configuration changes, unscheduled reboots, and any anomalous credential activity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-24T18:15:57.646Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-asaftd-websrvs-dos-X8gNucD2",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2"
}
],
"source": {
"advisory": "cisco-sa-asaftd-websrvs-dos-X8gNucD2",
"defects": [
"CSCwj10955"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20353",
"datePublished": "2024-04-24T18:15:57.646Z",
"dateReserved": "2023-11-08T15:08:07.647Z",
"dateUpdated": "2025-10-21T23:05:20.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21408 (GCVE-0-2024-21408)
Vulnerability from cvelistv5 – Published: 2024-03-12 16:57 – Updated: 2025-05-03 00:46
VLAI
Title
Windows Hyper-V Denial of Service Vulnerability
Summary
Windows Hyper-V Denial of Service Vulnerability
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
15 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.17763.0 , < 10.0.17763.5576
(custom)
|
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.17763.0 , < 10.0.17763.5576
(custom)
|
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.17763.0 , < 10.0.17763.5576
(custom)
|
|
| Microsoft | Windows Server 2022 |
Affected:
10.0.20348.0 , < 10.0.20348.2340
(custom)
|
|
| Microsoft | Windows 11 version 21H2 |
Affected:
10.0.0 , < 10.0.22000.2836
(custom)
|
|
| Microsoft | Windows 10 Version 21H2 |
Affected:
10.0.19043.0 , < 10.0.19044.4170
(custom)
|
|
| Microsoft | Windows 11 version 22H2 |
Affected:
10.0.22621.0 , < 10.0.22621.3296
(custom)
|
|
| Microsoft | Windows 10 Version 22H2 |
Affected:
10.0.19045.0 , < 10.0.19045.4170
(custom)
|
|
| Microsoft | Windows 11 version 22H3 |
Affected:
10.0.22631.0 , < 10.0.22631.3296
(custom)
|
|
| Microsoft | Windows 11 Version 23H2 |
Affected:
10.0.22631.0 , < 10.0.22631.3296
(custom)
|
|
| Microsoft | Windows Server 2022, 23H2 Edition (Server Core installation) |
Affected:
10.0.25398.0 , < 10.0.25398.763
(custom)
|
|
| Microsoft | Windows 10 Version 1507 |
Affected:
10.0.10240.0 , < 10.0.10240.20526
(custom)
|
|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.6796
(custom)
|
|
| Microsoft | Windows Server 2016 |
Affected:
10.0.14393.0 , < 10.0.14393.6796
(custom)
|
|
| Microsoft | Windows Server 2016 (Server Core installation) |
Affected:
10.0.14393.0 , < 10.0.14393.6796
(custom)
|
Date Public
2024-03-12 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21408",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T19:02:18.986572Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T18:16:41.445Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:20:40.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Windows Hyper-V Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21408"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.5576",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.5576",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.5576",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.2340",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 11 version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22000.2836",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.4170",
"status": "affected",
"version": "10.0.19043.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22621.3296",
"status": "affected",
"version": "10.0.22621.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.4170",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.3296",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.3296",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.763",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 10 Version 1507",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.20526",
"status": "affected",
"version": "10.0.10240.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.6796",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.6796",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.6796",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.17763.5576",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.5576",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.5576",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2340",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22000.2836",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19044.4170",
"versionStartIncluding": "10.0.19043.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22621.3296",
"versionStartIncluding": "10.0.22621.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.4170",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.3296",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.3296",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.763",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.10240.20526",
"versionStartIncluding": "10.0.10240.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.14393.6796",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6796",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6796",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-03-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Windows Hyper-V Denial of Service Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T00:46:54.779Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows Hyper-V Denial of Service Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21408"
}
],
"title": "Windows Hyper-V Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-21408",
"datePublished": "2024-03-12T16:57:59.748Z",
"dateReserved": "2023-12-08T22:45:21.299Z",
"dateUpdated": "2025-05-03T00:46:54.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.