CWE-1384
Improper Handling of Physical or Environmental Conditions
The product does not properly handle unexpected physical or environmental conditions that occur naturally or are artificially induced.
CVE-2024-39355 (GCVE-0-2024-39355)
Vulnerability from cvelistv5
Published
2025-02-12 21:19
Modified
2025-02-13 15:12
CWE
- Denial of Service
- CWE-1384 - Improper Handling of Physical or Environmental Conditions
Summary
Improper handling of physical or environmental conditions in some Intel(R) Processors may allow an authenticated user to enable denial of service via local access.
References
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | Intel(R) Processors | See references |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-39355", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-13T15:12:11.833665Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-13T15:12:23.143Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Processors", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper handling of physical or environmental conditions in some Intel(R) Processors may allow an authenticated user to enable denial of service via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.7, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en" }, { "cweId": "CWE-1384", "description": "Improper Handling of 
Physical or Environmental Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-12T21:19:39.378Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01228.html", "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01228.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-39355", "datePublished": "2025-02-12T21:19:39.378Z", "dateReserved": "2024-08-15T03:00:10.598Z", "dateUpdated": "2025-02-13T15:12:23.143Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-52557 (GCVE-0-2025-52557)
Vulnerability from cvelistv5
Published
2025-06-21 01:42
Modified
2025-06-23 17:41
CWE
- CWE-1384 - Improper Handling of Physical or Environmental Conditions
Summary
Mail-0's Zero is an open-source email solution. In version 0.8 it's possible for an attacker to craft an email that executes JavaScript, leading to session hijacking due to improper sanitization. This issue has been patched in version 0.81.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-52557", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-23T17:41:13.338469Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-23T17:41:29.958Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Zero", "vendor": "Mail-0", "versions": [ { "status": "affected", "version": "= 0.8" } ] } ], "descriptions": [ { "lang": "en", "value": "Mail-0\u0027s Zero is an open-source email solution. In version 0.8 it\u0027s possible for an attacker to craft an email that executes javascript leading to session hijacking due to improper sanitization. This issue has been patched in version 0.81." } ], "metrics": [ { "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.6, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1384", "description": "CWE-1384: Improper Handling of Physical or Environmental Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-21T01:42:23.004Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/Mail-0/Zero/security/advisories/GHSA-34gh-g567-hq85", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/Mail-0/Zero/security/advisories/GHSA-34gh-g567-hq85" }, { "name": 
"https://github.com/Mail-0/Zero/pull/1386", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Mail-0/Zero/pull/1386" }, { "name": "https://github.com/Mail-0/Zero/commit/48d1df65b62c9c57897b72b241081f447140342f", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Mail-0/Zero/commit/48d1df65b62c9c57897b72b241081f447140342f" } ], "source": { "advisory": "GHSA-34gh-g567-hq85", "discovery": "UNKNOWN" }, "title": "Mail-0 Zero Session Hijacking Via Email" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2025-52557", "datePublished": "2025-06-21T01:42:23.004Z", "dateReserved": "2025-06-18T03:55:52.035Z", "dateUpdated": "2025-06-23T17:41:29.958Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Mitigation
Phase: Requirements
Description:
- In requirements, be specific about expectations for how the product will perform when it exceeds physical and environmental boundary conditions, e.g., by shutting down.
Mitigation
Phases: Architecture and Design, Implementation
Description:
- Where possible, include independent components that can detect excess environmental conditions and have the capability to shut down the product.
Mitigation
Phases: Architecture and Design, Implementation
Description:
- Where possible, use shielding or other materials that can increase the adversary's workload and reduce the likelihood of being able to successfully trigger a security-related failure.
No CAPEC attack patterns related to this CWE.