CWE-372
Incomplete Internal State Distinction
The product does not properly determine which state it is in, causing it to assume it is in state X when in fact it is in state Y, causing it to perform incorrect operations in a security-relevant manner.
CVE-2020-27222 (GCVE-0-2020-27222)
Vulnerability from cvelistv5
- CWE-372 - Incomplete Internal State Distinction
Vendor | Product | Version
---|---|---
The Eclipse Foundation | Eclipse Californium | Version: [2.3.0, 2.6.0]
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:11:36.000Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=570844" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Eclipse Californium", "vendor": "The Eclipse Foundation", "versions": [ { "status": "affected", "version": "[2.3.0, 2.6.0]" } ] } ], "descriptions": [ { "lang": "en", "value": "In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based (x509 and RPK) DTLS handshakes accidentally fails, because the DTLS server side sticks to a wrong internal state. That wrong internal state is set by a previous certificate based DTLS handshake failure with TLS parameter mismatch. The DTLS server side must be restarted to recover this. This allow clients to force a DoS." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-372", "description": "CWE-372: Incomplete Internal State Distinction", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-03T16:36:38", "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=570844" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@eclipse.org", "ID": "CVE-2020-27222", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Eclipse Californium", "version": { "version_data": [ { "version_value": "[2.3.0, 2.6.0]" } ] } } ] }, "vendor_name": "The Eclipse Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based (x509 and RPK) DTLS handshakes accidentally fails, because the 
DTLS server side sticks to a wrong internal state. That wrong internal state is set by a previous certificate based DTLS handshake failure with TLS parameter mismatch. The DTLS server side must be restarted to recover this. This allow clients to force a DoS." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-372: Incomplete Internal State Distinction" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=570844", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=570844" } ] } } } }, "cveMetadata": { "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "assignerShortName": "eclipse", "cveId": "CVE-2020-27222", "datePublished": "2021-02-03T15:45:13", "dateReserved": "2020-10-19T00:00:00", "dateUpdated": "2024-08-04T16:11:36.000Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-25735 (GCVE-0-2021-25735)
Vulnerability from cvelistv5
- CWE-372 - Incomplete Internal State Distinction
Vendor | Product | Version
---|---|---
Kubernetes | Kubernetes | Version: unspecified < Version: unspecified < Version: unspecified <
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:11:27.512Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://groups.google.com/g/kubernetes-security-announce/c/FKAGqT4jx9Y" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kubernetes/kubernetes/issues/100096" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kubernetes", "vendor": "Kubernetes", "versions": [ { "lessThanOrEqual": "1.18.17", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "1.19.9", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "1.20.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Rogerio Bastos \u0026 Ari Lima" } ], "datePublic": "2021-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. Validating Admission Webhook does not observe some previous fields." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-372", "description": "CWE-372 Incomplete Internal State Distinction", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-06T11:32:00", "orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://groups.google.com/g/kubernetes-security-announce/c/FKAGqT4jx9Y" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kubernetes/kubernetes/issues/100096" } ], "source": { "defect": [ "https://github.com/kubernetes/kubernetes/issues/100096" ], "discovery": "EXTERNAL" }, "title": "Validating Admission Webhook does not observe some previous fields", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@kubernetes.io", "DATE_PUBLIC": "2021-04-14T16:00:00.000Z", "ID": "CVE-2021-25735", "STATE": "PUBLIC", "TITLE": "Validating Admission Webhook does not observe some previous fields" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Kubernetes", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "1.18.17" }, { "version_affected": "\u003c=", "version_value": "1.19.9" }, { "version_affected": "\u003c=", "version_value": "1.20.5" } ] } } ] }, "vendor_name": "Kubernetes" } ] } }, "credit": [ { "lang": "eng", "value": "Rogerio Bastos \u0026 Ari Lima" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A security 
issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. Validating Admission Webhook does not observe some previous fields." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-372 Incomplete Internal State Distinction" } ] } ] }, "references": { "reference_data": [ { "name": "https://groups.google.com/g/kubernetes-security-announce/c/FKAGqT4jx9Y", "refsource": "MISC", "url": "https://groups.google.com/g/kubernetes-security-announce/c/FKAGqT4jx9Y" }, { "name": "https://github.com/kubernetes/kubernetes/issues/100096", "refsource": "MISC", "url": "https://github.com/kubernetes/kubernetes/issues/100096" } ] }, "source": { "defect": [ "https://github.com/kubernetes/kubernetes/issues/100096" ], "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "assignerShortName": "kubernetes", "cveId": "CVE-2021-25735", "datePublished": "2021-09-06T11:32:00.853331Z", "dateReserved": "2021-01-21T00:00:00", "dateUpdated": "2024-09-16T23:40:25.902Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-31127 (GCVE-0-2023-31127)
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:45:25.626Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/DMTF/libspdm/security/advisories/GHSA-qw76-4v8p-xq9f", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/DMTF/libspdm/security/advisories/GHSA-qw76-4v8p-xq9f" }, { "name": "https://github.com/DMTF/libspdm/pull/2006", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/DMTF/libspdm/pull/2006" }, { "name": "https://github.com/DMTF/libspdm/pull/2007", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/DMTF/libspdm/pull/2007" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-31127", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-28T20:51:49.268144Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-28T20:53:07.700Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "libspdm", "vendor": "DMTF", "versions": [ { "status": "affected", "version": "\u003c 2.3.2" } ] } ], "descriptions": [ { "lang": "en", "value": "libspdm is a sample implementation that follows the DMTF SPDM specifications. A vulnerability has been identified in SPDM session establishment in libspdm prior to version 2.3.1. If a device supports both DHE session and PSK session with mutual\nauthentication, the attacker may be able to establish the session with `KEY_EXCHANGE` and `PSK_FINISH` to bypass the mutual authentication. This is most likely to happen when the Requester begins a session using one method (DHE, for example) and then uses the other method\u0027s finish (PSK_FINISH in this example) to establish the session. 
The session hashes would be expected to fail in this case, but the condition was not detected.\n\nThis issue only impacts the SPDM responder, which supports `KEY_EX_CAP=1 and `PSK_CAP=10b` at same time with mutual authentication requirement. The SPDM requester is not impacted. The SPDM responder is not impacted if `KEY_EX_CAP=0` or `PSK_CAP=0` or `PSK_CAP=01b`. The SPDM responder is not impacted if mutual authentication is not required.\n\nlibspdm 1.0, 2.0, 2.1, 2.2, 2.3 are all impacted. Older branches are not maintained, but users of the 2.3 branch may receive a patch in version 2.3.2. The SPDM specification (DSP0274) does not contain this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-372", "description": "CWE-372: Incomplete Internal State Distinction", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-08T20:05:29.675Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/DMTF/libspdm/security/advisories/GHSA-qw76-4v8p-xq9f", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/DMTF/libspdm/security/advisories/GHSA-qw76-4v8p-xq9f" }, { "name": "https://github.com/DMTF/libspdm/pull/2006", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/DMTF/libspdm/pull/2006" }, { "name": "https://github.com/DMTF/libspdm/pull/2007", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/DMTF/libspdm/pull/2007" } ], 
"source": { "advisory": "GHSA-qw76-4v8p-xq9f", "discovery": "UNKNOWN" }, "title": "DMTF-2023-0001: SPDM mutual authentication bypass" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-31127", "datePublished": "2023-05-08T20:05:29.675Z", "dateReserved": "2023-04-24T21:44:10.415Z", "dateUpdated": "2025-01-28T20:53:07.700Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-36834 (GCVE-0-2023-36834)
Vulnerability from cvelistv5
- CWE-372 - Incomplete Internal State Distinction
- Denial of Service (DoS)
Vendor | Product | Version
---|---|---
Juniper Networks | Junos OS | Version: 20.1 < 20.1*; Version: 20.2 < 20.2R3-S7; Version: 20.3 < 20.3*; Version: 20.4 < 20.4R3-S7; Version: 21.1 < 21.1R3-S5; Version: 21.2 < 21.2R3-S3; Version: 21.3 < 21.3R3-S3; Version: 21.4 < 21.4R3-S1; Version: 22.1 < 22.1R3; Version: 22.2 < 22.2R2; Version: 22.3 < 22.3R1-S1, 22.3R2
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:01:09.625Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://supportportal.juniper.net/JSA71641" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-36834", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T14:19:57.018718Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T14:30:54.560Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "SRX4600", "SRX 5000 Series" ], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "changes": [ { "at": "20.1R1", "status": "affected" } ], "lessThan": "20.1*", "status": "affected", "version": "20.1", "versionType": "custom" }, { "lessThan": "20.2R3-S7", "status": "affected", "version": "20.2", "versionType": "custom" }, { "changes": [ { "at": "20.3R1", "status": "affected" } ], "lessThan": "20.3*", "status": "affected", "version": "20.3", "versionType": "custom" }, { "lessThan": "20.4R3-S7", "status": "affected", "version": "20.4", "versionType": "custom" }, { "lessThan": "21.1R3-S5", "status": "affected", "version": "21.1", "versionType": "custom" }, { "lessThan": "21.2R3-S3", "status": "affected", "version": "21.2", "versionType": "custom" }, { "lessThan": "21.3R3-S3", "status": "affected", "version": "21.3", "versionType": "custom" }, { "lessThan": "21.4R3-S1", "status": "affected", "version": "21.4", "versionType": "custom" }, { "lessThan": "22.1R3", "status": "affected", "version": "22.1", "versionType": "custom" }, { "lessThan": "22.2R2", "status": "affected", "version": "22.2", "versionType": "custom" }, { 
"lessThan": "22.3R1-S1, 22.3R2", "status": "affected", "version": "22.3", "versionType": "custom" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "To be exposed to this issue an SRX needs to be configured for L2 transparent mode like in the following example:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e\u0026nbsp; [ interfaces \u0026lt;interface1\u0026gt; unit \u0026lt;unit\u0026gt; family ethernet-switching vlan members \u0026lt;vlan\u0026gt; ]\u003cbr\u003e\u0026nbsp; [ interfaces \u0026lt;interface2\u0026gt; unit \u0026lt;unit\u0026gt; family ethernet-switching vlan members \u0026lt;vlan\u0026gt; ]\u003cbr\u003e\u0026nbsp; [ vlans \u0026lt;vlan\u0026gt; vlan-id \u0026lt;vlan ID\u0026gt; ]\u003c/tt\u003e" } ], "value": "To be exposed to this issue an SRX needs to be configured for L2 transparent mode like in the following example:\n\n\u00a0 [ interfaces \u003cinterface1\u003e unit \u003cunit\u003e family ethernet-switching vlan members \u003cvlan\u003e ]\n\u00a0 [ interfaces \u003cinterface2\u003e unit \u003cunit\u003e family ethernet-switching vlan members \u003cvlan\u003e ]\n\u00a0 [ vlans \u003cvlan\u003e vlan-id \u003cvlan ID\u003e ]" } ], "datePublic": "2023-07-12T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An Incomplete Internal State Distinction vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series allows an adjacent attacker to cause a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eIf an SRX is configured in L2 transparent mode the receipt of a specific genuine packet can cause a single Packet Processing Engines (PPE) component of the PFE to run into a loop, which in turn will render the PPE unavailable. 
Each packet will cause one PPE to get into a loop, leading to a gradual performance degradation until all PPEs are unavailable and all traffic processing stops. To recover the affected FPC need to be restarted.\u003cbr\u003e\u003cbr\u003eThis issue affects Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series:\u003cbr\u003e20.1 version 20.1R1 and later versions;\u003cbr\u003e20.2 versions prior to 20.2R3-S7;\u003cbr\u003e20.3 version 20.3R1 and later versions;\u003cbr\u003e20.4 versions prior to 20.4R3-S7;\u003cbr\u003e21.1 versions prior to 21.1R3-S5;\u003cbr\u003e21.2 versions prior to 21.2R3-S3;\u003cbr\u003e21.3 versions prior to 21.3R3-S3;\u003cbr\u003e21.4 versions prior to 21.4R3-S1;\u003cbr\u003e22.1 versions prior to 22.1R3;\u003cbr\u003e22.2 versions prior to 22.2R2;\u003cbr\u003e22.3 versions prior to 22.3R1-S1, 22.3R2.\u003cbr\u003e" } ], "value": "An Incomplete Internal State Distinction vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series allows an adjacent attacker to cause a Denial of Service (DoS).\n\nIf an SRX is configured in L2 transparent mode the receipt of a specific genuine packet can cause a single Packet Processing Engines (PPE) component of the PFE to run into a loop, which in turn will render the PPE unavailable. Each packet will cause one PPE to get into a loop, leading to a gradual performance degradation until all PPEs are unavailable and all traffic processing stops. 
To recover the affected FPC need to be restarted.\n\nThis issue affects Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series:\n20.1 version 20.1R1 and later versions;\n20.2 versions prior to 20.2R3-S7;\n20.3 version 20.3R1 and later versions;\n20.4 versions prior to 20.4R3-S7;\n21.1 versions prior to 21.1R3-S5;\n21.2 versions prior to 21.2R3-S3;\n21.3 versions prior to 21.3R3-S3;\n21.4 versions prior to 21.4R3-S1;\n22.1 versions prior to 22.1R3;\n22.2 versions prior to 22.2R2;\n22.3 versions prior to 22.3R1-S1, 22.3R2.\n" } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003cbr\u003e" } ], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-372", "description": "CWE-372 Incomplete Internal State Distinction", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "description": "Denial of Service (DoS)", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-14T17:04:36.052Z", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "url": "https://supportportal.juniper.net/JSA71641" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: Junos OS 20.2R3-S7, 20.4R3-S7, 21.1R3-S5, 21.2R3-S3, 
21.3R3-S3, 21.4R3-S1, 22.1R3, 22.2R2, 22.3R1-S1, 22.3R2, 22.4R1, and all subsequent releases.\u003cbr\u003e" } ], "value": "The following software releases have been updated to resolve this specific issue: Junos OS 20.2R3-S7, 20.4R3-S7, 21.1R3-S5, 21.2R3-S3, 21.3R3-S3, 21.4R3-S1, 22.1R3, 22.2R2, 22.3R1-S1, 22.3R2, 22.4R1, and all subsequent releases.\n" } ], "source": { "advisory": "JSA71641", "defect": [ "1685927" ], "discovery": "USER" }, "title": "Junos OS: SRX 4600 and SRX 5000 Series: The receipt of specific genuine packets by SRXes configured for L2 transparency will cause a DoS", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There are no known workarounds for this issue.\u003cbr\u003e" } ], "value": "There are no known workarounds for this issue.\n" } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2023-36834", "datePublished": "2023-07-14T17:04:36.052Z", "dateReserved": "2023-06-27T16:17:25.275Z", "dateUpdated": "2024-10-22T14:30:54.560Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-4012 (GCVE-0-2023-4012)
Vulnerability from cvelistv5
- CWE-372 - Incomplete Internal State Distinction
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:17:11.104Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GitLab Issue #794", "tags": [ "issue-tracking", "x_transferred" ], "url": "https://gitlab.com/NTPsec/ntpsec/-/issues/794" }, { "tags": [ "x_transferred" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038422" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-4012", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-30T15:47:43.075359Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-30T15:47:52.675Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "ntpsec", "vendor": "NTPsec", "versions": [ { "status": "affected", "version": "1.2.2" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "R.L. Nicholas" } ], "descriptions": [ { "lang": "en", "value": "ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode 3)." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-372", "description": "CWE-372: Incomplete Internal State Distinction", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-29T15:04:49.191Z", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "name": "GitLab Issue #794", "tags": [ "issue-tracking" ], "url": "https://gitlab.com/NTPsec/ntpsec/-/issues/794" }, { "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038422" } ], "solutions": [ { "lang": "en", "value": "Upgrade to version 1.2.2a or 1.2.3" } ], "title": "Incomplete Internal State Distinction in ntpsec" } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-4012", "datePublished": "2023-08-07T17:30:33.452Z", "dateReserved": "2023-07-31T09:01:28.128Z", "dateUpdated": "2024-08-30T15:47:52.675Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
No mitigation information available for this CWE.
CAPEC-140: Bypassing of Intermediate Forms in Multiple-Form Sets
Some web applications require users to submit information through an ordered sequence of web forms. This is often done if there is a very large amount of information being collected or if information on earlier forms is used to pre-populate fields or determine which additional information the application needs to collect. An attacker who knows the names of the various forms in the sequence may be able to explicitly type in the name of a later form and navigate to it without first going through the previous forms. This can result in incomplete collection of information, incorrect assumptions about the information submitted by the attacker, or other problems that can impair the functioning of the application.
CAPEC-74: Manipulating State
The adversary modifies state information maintained by the target software or causes a state transition in hardware. If successful, the target will use this tainted state and execute in an unintended manner.

State management is an important function within a software application. User state maintained by the application can include usernames, payment information, browsing history as well as application-specific contents such as items in a shopping cart. Manipulating user state can be employed by an adversary to elevate privilege, conduct fraudulent transactions or otherwise modify the flow of the application to derive certain benefits.

If there is a hardware logic error in a finite state machine, the adversary can use this to put the system in an undefined state which could cause a denial of service or exposure of secure data.