CWE-390

Detection of Error Condition Without Action

The product detects a specific error, but takes no actions to handle the error.

CVE-2017-7485 (GCVE-0-2017-7485)
Vulnerability from cvelistv5
Published
2017-05-12 19:00
Modified
2024-08-05 16:04
Severity ?
CWE
Summary
In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server.
References
http://www.securitytracker.com/id/1038476 vdb-entry, x_refsource_SECTRACK
http://www.debian.org/security/2017/dsa-3851 vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:2425 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1678 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1677 vendor-advisory, x_refsource_REDHAT
https://www.postgresql.org/about/news/1746/ x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1838 vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/98461 vdb-entry, x_refsource_BID
https://security.gentoo.org/glsa/201710-06 vendor-advisory, x_refsource_GENTOO
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:11.584Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038476",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038476"
          },
          {
            "name": "DSA-3851",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3851"
          },
          {
            "name": "RHSA-2017:2425",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2425"
          },
          {
            "name": "RHSA-2017:1678",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1678"
          },
          {
            "name": "RHSA-2017:1677",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1677"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.postgresql.org/about/news/1746/"
          },
          {
            "name": "RHSA-2017:1838",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1838"
          },
          {
            "name": "98461",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98461"
          },
          {
            "name": "GLSA-201710-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201710-06"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PostgreSQL",
          "vendor": "The PostgreSQL Global Development Group",
          "versions": [
            {
              "status": "affected",
              "version": "9.3 - 9.6"
            }
          ]
        }
      ],
      "datePublic": "2017-05-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-390",
              "description": "CWE-390",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "1038476",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038476"
        },
        {
          "name": "DSA-3851",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3851"
        },
        {
          "name": "RHSA-2017:2425",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2425"
        },
        {
          "name": "RHSA-2017:1678",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1678"
        },
        {
          "name": "RHSA-2017:1677",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1677"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.postgresql.org/about/news/1746/"
        },
        {
          "name": "RHSA-2017:1838",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1838"
        },
        {
          "name": "98461",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98461"
        },
        {
          "name": "GLSA-201710-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201710-06"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2017-7485",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PostgreSQL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.3 - 9.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The PostgreSQL Global Development Group"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-390"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038476",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038476"
            },
            {
              "name": "DSA-3851",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3851"
            },
            {
              "name": "RHSA-2017:2425",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2425"
            },
            {
              "name": "RHSA-2017:1678",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1678"
            },
            {
              "name": "RHSA-2017:1677",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1677"
            },
            {
              "name": "https://www.postgresql.org/about/news/1746/",
              "refsource": "CONFIRM",
              "url": "https://www.postgresql.org/about/news/1746/"
            },
            {
              "name": "RHSA-2017:1838",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1838"
            },
            {
              "name": "98461",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98461"
            },
            {
              "name": "GLSA-201710-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201710-06"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-7485",
    "datePublished": "2017-05-12T19:00:00",
    "dateReserved": "2017-04-05T00:00:00",
    "dateUpdated": "2024-08-05T16:04:11.584Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-5051 (GCVE-0-2019-5051)
Vulnerability from cvelistv5
Published
2019-07-03 18:43
Modified
2024-08-04 19:47
CWE
  • CWE-390 - Detection of Error Condition Without Action
Summary
An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.
Impacted products
Vendor Product Version
n/a Simple DirectMedia Version: Simple DirectMedia Layer SDL2_image 2.0.4
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:47:55.830Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
          },
          {
            "name": "openSUSE-SU-2019:2070",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html"
          },
          {
            "name": "openSUSE-SU-2019:2108",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html"
          },
          {
            "name": "USN-4238-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4238-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0820"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Simple DirectMedia",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Simple DirectMedia Layer SDL2_image 2.0.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-390",
              "description": "CWE-390: Detection of Error Condition Without Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T17:33:25",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
        },
        {
          "name": "openSUSE-SU-2019:2070",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html"
        },
        {
          "name": "openSUSE-SU-2019:2108",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html"
        },
        {
          "name": "USN-4238-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4238-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0820"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2019-5051",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Simple DirectMedia",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Simple DirectMedia Layer SDL2_image 2.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 8.8,
            "baseSeverity": "High",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-390: Detection of Error Condition Without Action"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
            },
            {
              "name": "openSUSE-SU-2019:2070",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html"
            },
            {
              "name": "openSUSE-SU-2019:2108",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html"
            },
            {
              "name": "USN-4238-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4238-1/"
            },
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0820",
              "refsource": "MISC",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0820"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2019-5051",
    "datePublished": "2019-07-03T18:43:48",
    "dateReserved": "2019-01-04T00:00:00",
    "dateUpdated": "2024-08-04T19:47:55.830Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-40391 (GCVE-0-2021-40391)
Vulnerability from cvelistv5
Published
2021-11-19 18:53
Modified
2024-08-04 02:44
Severity ?
CWE
  • CWE-390 - Detection of Error Condition Without Action
Summary
An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
Impacted products
Vendor Product Version
n/a Gerbv Version: Gerbv 2.7.0 , Gerbv dev (commit b5f1eacd) ,Gerbv forked dev (commit 71493260)
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:44:09.158Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1402"
          },
          {
            "name": "[debian-lts-announce] 20211203 [SECURITY] [DLA 2839-1] gerbv security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00003.html"
          },
          {
            "name": "FEDORA-2022-4a3ef86baa",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUM5GIUZJ7AVHVCXDZW6ZVCAPV2ISN47/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Gerbv",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Gerbv 2.7.0 , Gerbv dev (commit b5f1eacd) ,Gerbv forked dev (commit 71493260)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-390",
              "description": "CWE-390: Detection of Error Condition Without Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-09T03:06:21",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1402"
        },
        {
          "name": "[debian-lts-announce] 20211203 [SECURITY] [DLA 2839-1] gerbv security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00003.html"
        },
        {
          "name": "FEDORA-2022-4a3ef86baa",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUM5GIUZJ7AVHVCXDZW6ZVCAPV2ISN47/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2021-40391",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Gerbv",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Gerbv 2.7.0 , Gerbv dev (commit b5f1eacd) ,Gerbv forked dev (commit 71493260)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 10,
            "baseSeverity": null,
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-390: Detection of Error Condition Without Action"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1402",
              "refsource": "MISC",
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1402"
            },
            {
              "name": "[debian-lts-announce] 20211203 [SECURITY] [DLA 2839-1] gerbv security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00003.html"
            },
            {
              "name": "FEDORA-2022-4a3ef86baa",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUM5GIUZJ7AVHVCXDZW6ZVCAPV2ISN47/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2021-40391",
    "datePublished": "2021-11-19T18:53:49",
    "dateReserved": "2021-09-01T00:00:00",
    "dateUpdated": "2024-08-04T02:44:09.158Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-11942 (GCVE-0-2024-11942)
Vulnerability from cvelistv5
Published
2024-12-05 14:42
Modified
2024-12-05 15:41
CWE
  • CWE-390 - Detection of Error Condition Without Action
Summary
A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10.
References
Impacted products
Vendor Product Version
Drupal Drupal Core Version: 10.0.0   
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:drupal:drupal_core:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "drupal_core",
            "vendor": "drupal",
            "versions": [
              {
                "lessThan": "10.2.10",
                "status": "affected",
                "version": "10.0.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.9,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-11942",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-05T15:32:51.782373Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-05T15:41:56.600Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.drupal.org/project/drupal",
          "defaultStatus": "unaffected",
          "product": "Drupal Core",
          "vendor": "Drupal",
          "versions": [
            {
              "lessThan": "10.2.10",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Pierre Rudloff"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "catch"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Lee Rowlands"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Benji Fisher"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Kim Pepper"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Wim Leers"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "xjm"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Dave Long"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Juraj Nemec"
        }
      ],
      "datePublic": "2024-10-17T00:09:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability in Drupal Core allows File Manipulation.\u003cp\u003eThis issue affects Drupal Core: from 10.0.0 before 10.2.10.\u003c/p\u003e"
            }
          ],
          "value": "A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-165",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-165 File Manipulation"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-390",
              "description": "CWE-390 Detection of Error Condition Without Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-05T14:42:07.812Z",
        "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "shortName": "drupal"
      },
      "references": [
        {
          "url": "https://www.drupal.org/sa-core-2024-002"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Drupal core - Moderately critical - Improper error handling - SA-CORE-2024-002",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
    "assignerShortName": "drupal",
    "cveId": "CVE-2024-11942",
    "datePublished": "2024-12-05T14:42:07.812Z",
    "dateReserved": "2024-11-27T23:16:49.385Z",
    "dateUpdated": "2024-12-05T15:41:56.600Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12086 (GCVE-0-2024-12086)
Vulnerability from cvelistv5
Published
2025-01-14 17:37
Modified
2025-07-29 09:31
CWE
  • CWE-390 - Detection of Error Condition Without Action
Summary
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.
References
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12086",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T14:14:25.165183Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-26T14:20:53.620Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/RsyncProject/rsync",
          "defaultStatus": "unaffected",
          "packageName": "rsync",
          "versions": [
            {
              "lessThanOrEqual": "3.3.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "affected",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue."
        }
      ],
      "datePublic": "2025-01-14T15:06:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client\u0027s machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-390",
              "description": "Detection of Error Condition Without Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-29T09:31:17.273Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-12086"
        },
        {
          "name": "RHBZ#2330577",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330577"
        },
        {
          "url": "https://kb.cert.org/vuls/id/952657"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-12-05T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-01-14T15:06:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Rsync: rsync server leaks arbitrary client files",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-390: Detection of Error Condition Without Action"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-12086",
    "datePublished": "2025-01-14T17:37:54.960Z",
    "dateReserved": "2024-12-03T08:57:58.397Z",
    "dateUpdated": "2025-07-29T09:31:17.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-20316 (GCVE-0-2024-20316)
Vulnerability from cvelistv5
Published
2024-03-27 16:49
Modified
2024-08-01 21:59
CWE
  • CWE-390 - Detection of Error Condition Without Action
Summary
A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list (ACL). This vulnerability is due to improper handling of error conditions when a successfully authorized device administrator updates an IPv4 ACL using the NETCONF or RESTCONF protocol, and the update would reorder access control entries (ACEs) in the updated ACL. An attacker could exploit this vulnerability by accessing resources that should have been protected across an affected device.
Impacted products
Vendor Product Version
Cisco Cisco IOS XE Software Version: 16.3.1
Version: 16.3.2
Version: 16.3.3
Version: 16.3.1a
Version: 16.3.4
Version: 16.3.5
Version: 16.3.5b
Version: 16.3.6
Version: 16.3.7
Version: 16.3.8
Version: 16.3.9
Version: 16.3.10
Version: 16.3.11
Version: 16.4.1
Version: 16.4.2
Version: 16.4.3
Version: 16.5.1
Version: 16.5.1a
Version: 16.5.1b
Version: 16.5.2
Version: 16.5.3
Version: 16.6.1
Version: 16.6.2
Version: 16.6.3
Version: 16.6.4
Version: 16.6.5
Version: 16.6.4a
Version: 16.6.5a
Version: 16.6.6
Version: 16.6.7
Version: 16.6.8
Version: 16.6.9
Version: 16.6.10
Version: 16.7.1
Version: 16.7.2
Version: 16.7.3
Version: 16.8.1
Version: 16.8.1a
Version: 16.8.1b
Version: 16.8.1s
Version: 16.8.1c
Version: 16.8.2
Version: 16.8.3
Version: 16.9.1
Version: 16.9.2
Version: 16.9.1a
Version: 16.9.1b
Version: 16.9.1s
Version: 16.9.3
Version: 16.9.4
Version: 16.9.3a
Version: 16.9.5
Version: 16.9.5f
Version: 16.9.6
Version: 16.9.7
Version: 16.9.8
Version: 16.10.1
Version: 16.10.1a
Version: 16.10.1b
Version: 16.10.1s
Version: 16.10.1e
Version: 16.10.2
Version: 16.10.3
Version: 16.11.1
Version: 16.11.1a
Version: 16.11.1b
Version: 16.11.2
Version: 16.11.1s
Version: 16.12.1
Version: 16.12.1s
Version: 16.12.1a
Version: 16.12.1c
Version: 16.12.2
Version: 16.12.2a
Version: 16.12.3
Version: 16.12.8
Version: 16.12.2s
Version: 16.12.1t
Version: 16.12.4
Version: 16.12.3s
Version: 16.12.3a
Version: 16.12.4a
Version: 16.12.5
Version: 16.12.6
Version: 16.12.5a
Version: 16.12.5b
Version: 16.12.6a
Version: 16.12.7
Version: 16.12.9
Version: 16.12.10
Version: 16.12.10a
Version: 16.12.11
Version: 17.1.1
Version: 17.1.1a
Version: 17.1.1s
Version: 17.1.1t
Version: 17.1.3
Version: 17.2.1
Version: 17.2.1r
Version: 17.2.1a
Version: 17.2.1v
Version: 17.2.2
Version: 17.2.3
Version: 17.3.1
Version: 17.3.2
Version: 17.3.3
Version: 17.3.1a
Version: 17.3.2a
Version: 17.3.4
Version: 17.3.5
Version: 17.3.4a
Version: 17.3.6
Version: 17.3.4b
Version: 17.3.4c
Version: 17.3.5a
Version: 17.3.5b
Version: 17.3.7
Version: 17.3.8
Version: 17.3.8a
Version: 17.4.1
Version: 17.4.2
Version: 17.4.1a
Version: 17.4.1b
Version: 17.4.2a
Version: 17.5.1
Version: 17.5.1a
Version: 17.6.1
Version: 17.6.2
Version: 17.6.1a
Version: 17.6.3
Version: 17.6.3a
Version: 17.6.4
Version: 17.6.5
Version: 17.6.6
Version: 17.6.6a
Version: 17.6.5a
Version: 17.7.1
Version: 17.7.1a
Version: 17.7.1b
Version: 17.7.2
Version: 17.10.1
Version: 17.10.1a
Version: 17.10.1b
Version: 17.8.1
Version: 17.8.1a
Version: 17.9.1
Version: 17.9.2
Version: 17.9.1a
Version: 17.9.3
Version: 17.9.2a
Version: 17.9.3a
Version: 17.9.4
Version: 17.9.4a
Version: 17.11.1
Version: 17.11.1a
Version: 17.12.1
Version: 17.12.1a
Version: 17.12.2
Version: 17.12.2a
Version: 17.11.99SW
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.4:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.5:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.5b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.6:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.7:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.8:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.9:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.10:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.11:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.4.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.4.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.4.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.5.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.5.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.5.1b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.5.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.5.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.4:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.5:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.4a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.5a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.6:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.7:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.8:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.9:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.10:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.7.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.7.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.7.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.8.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.8.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.8.1b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.8.1s:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.8.1c:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.8.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.8.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.1b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.1s:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.4:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.3a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.5:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.5f:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.6:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.7:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.8:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.10.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.10.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.10.1b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.10.1s:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.10.1e:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.10.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.10.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.11.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.11.1b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.11.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.11.1s:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.1s:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.1c:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.2a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.8:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.2s:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.1t:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.4:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.3s:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.3a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.4a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.5:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.6:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.5a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.5b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.6a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.7:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.9:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.10:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.10a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.11:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.1.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.1.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.1.1s:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.1.1t:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.1.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.2.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.2.1r:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.2.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.2.1v:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.2.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.2.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.2a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.4:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.5:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.4a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.6:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.4b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.4c:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.5a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.5b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.7:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.8:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.8a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.4.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.4.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.4.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.4.1b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.4.2a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.5.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.5.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.3a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.4:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.5:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.6:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.6a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.5a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.7.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.7.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.7.1b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.7.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.10.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.10.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.10.1b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.8.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.8.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.2a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.3a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.4:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.4a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.11.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.11.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.12.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.12.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.12.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.12.2a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.11.99SW:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ios_xe",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "16.3.1"
              },
              {
                "status": "affected",
                "version": "16.3.2"
              },
              {
                "status": "affected",
                "version": "16.3.3"
              },
              {
                "status": "affected",
                "version": "16.3.1a"
              },
              {
                "status": "affected",
                "version": "16.3.4"
              },
              {
                "status": "affected",
                "version": "16.3.5"
              },
              {
                "status": "affected",
                "version": "16.3.5b"
              },
              {
                "status": "affected",
                "version": "16.3.6"
              },
              {
                "status": "affected",
                "version": "16.3.7"
              },
              {
                "status": "affected",
                "version": "16.3.8"
              },
              {
                "status": "affected",
                "version": "16.3.9"
              },
              {
                "status": "affected",
                "version": "16.3.10"
              },
              {
                "status": "affected",
                "version": "16.3.11"
              },
              {
                "status": "affected",
                "version": "16.4.1"
              },
              {
                "status": "affected",
                "version": "16.4.2"
              },
              {
                "status": "affected",
                "version": "16.4.3"
              },
              {
                "status": "affected",
                "version": "16.5.1"
              },
              {
                "status": "affected",
                "version": "16.5.1a"
              },
              {
                "status": "affected",
                "version": "16.5.1b"
              },
              {
                "status": "affected",
                "version": "16.5.2"
              },
              {
                "status": "affected",
                "version": "16.5.3"
              },
              {
                "status": "affected",
                "version": "16.6.1"
              },
              {
                "status": "affected",
                "version": "16.6.2"
              },
              {
                "status": "affected",
                "version": "16.6.3"
              },
              {
                "status": "affected",
                "version": "16.6.4"
              },
              {
                "status": "affected",
                "version": "16.6.5"
              },
              {
                "status": "affected",
                "version": "16.6.4a"
              },
              {
                "status": "affected",
                "version": "16.6.5a"
              },
              {
                "status": "affected",
                "version": "16.6.6"
              },
              {
                "status": "affected",
                "version": "16.6.7"
              },
              {
                "status": "affected",
                "version": "16.6.8"
              },
              {
                "status": "affected",
                "version": "16.6.9"
              },
              {
                "status": "affected",
                "version": "16.6.10"
              },
              {
                "status": "affected",
                "version": "16.7.1"
              },
              {
                "status": "affected",
                "version": "16.7.2"
              },
              {
                "status": "affected",
                "version": "16.7.3"
              },
              {
                "status": "affected",
                "version": "16.8.1"
              },
              {
                "status": "affected",
                "version": "16.8.1a"
              },
              {
                "status": "affected",
                "version": "16.8.1b"
              },
              {
                "status": "affected",
                "version": "16.8.1s"
              },
              {
                "status": "affected",
                "version": "16.8.1c"
              },
              {
                "status": "affected",
                "version": "16.8.2"
              },
              {
                "status": "affected",
                "version": "16.8.3"
              },
              {
                "status": "affected",
                "version": "16.9.1"
              },
              {
                "status": "affected",
                "version": "16.9.2"
              },
              {
                "status": "affected",
                "version": "16.9.1a"
              },
              {
                "status": "affected",
                "version": "16.9.1b"
              },
              {
                "status": "affected",
                "version": "16.9.1s"
              },
              {
                "status": "affected",
                "version": "16.9.3"
              },
              {
                "status": "affected",
                "version": "16.9.4"
              },
              {
                "status": "affected",
                "version": "16.9.3a"
              },
              {
                "status": "affected",
                "version": "16.9.5"
              },
              {
                "status": "affected",
                "version": "16.9.5f"
              },
              {
                "status": "affected",
                "version": "16.9.6"
              },
              {
                "status": "affected",
                "version": "16.9.7"
              },
              {
                "status": "affected",
                "version": "16.9.8"
              },
              {
                "status": "affected",
                "version": "16.10.1"
              },
              {
                "status": "affected",
                "version": "16.10.1a"
              },
              {
                "status": "affected",
                "version": "16.10.1b"
              },
              {
                "status": "affected",
                "version": "16.10.1s"
              },
              {
                "status": "affected",
                "version": "16.10.1e"
              },
              {
                "status": "affected",
                "version": "16.10.2"
              },
              {
                "status": "affected",
                "version": "16.10.3"
              },
              {
                "status": "affected",
                "version": "16.11.1"
              },
              {
                "status": "affected",
                "version": "16.11.1a"
              },
              {
                "status": "affected",
                "version": "16.11.1b"
              },
              {
                "status": "affected",
                "version": "16.11.2"
              },
              {
                "status": "affected",
                "version": "16.11.1s"
              },
              {
                "status": "affected",
                "version": "16.12.1"
              },
              {
                "status": "affected",
                "version": "16.12.1s"
              },
              {
                "status": "affected",
                "version": "16.12.1a"
              },
              {
                "status": "affected",
                "version": "16.12.1c"
              },
              {
                "status": "affected",
                "version": "16.12.2"
              },
              {
                "status": "affected",
                "version": "16.12.2a"
              },
              {
                "status": "affected",
                "version": "16.12.3"
              },
              {
                "status": "affected",
                "version": "16.12.8"
              },
              {
                "status": "affected",
                "version": "16.12.2s"
              },
              {
                "status": "affected",
                "version": "16.12.1t"
              },
              {
                "status": "affected",
                "version": "16.12.4"
              },
              {
                "status": "affected",
                "version": "16.12.3s"
              },
              {
                "status": "affected",
                "version": "16.12.3a"
              },
              {
                "status": "affected",
                "version": "16.12.4a"
              },
              {
                "status": "affected",
                "version": "16.12.5"
              },
              {
                "status": "affected",
                "version": "16.12.6"
              },
              {
                "status": "affected",
                "version": "16.12.5a"
              },
              {
                "status": "affected",
                "version": "16.12.5b"
              },
              {
                "status": "affected",
                "version": "16.12.6a"
              },
              {
                "status": "affected",
                "version": "16.12.7"
              },
              {
                "status": "affected",
                "version": "16.12.9"
              },
              {
                "status": "affected",
                "version": "16.12.10"
              },
              {
                "status": "affected",
                "version": "16.12.10a"
              },
              {
                "status": "affected",
                "version": "16.12.11"
              },
              {
                "status": "affected",
                "version": "17.1.1"
              },
              {
                "status": "affected",
                "version": "17.1.1a"
              },
              {
                "status": "affected",
                "version": "17.1.1s"
              },
              {
                "status": "affected",
                "version": "17.1.1t"
              },
              {
                "status": "affected",
                "version": "17.1.3"
              },
              {
                "status": "affected",
                "version": "17.2.1"
              },
              {
                "status": "affected",
                "version": "17.2.1r"
              },
              {
                "status": "affected",
                "version": "17.2.1a"
              },
              {
                "status": "affected",
                "version": "17.2.1v"
              },
              {
                "status": "affected",
                "version": "17.2.2"
              },
              {
                "status": "affected",
                "version": "17.2.3"
              },
              {
                "status": "affected",
                "version": "17.3.1"
              },
              {
                "status": "affected",
                "version": "17.3.2"
              },
              {
                "status": "affected",
                "version": "17.3.3"
              },
              {
                "status": "affected",
                "version": "17.3.1a"
              },
              {
                "status": "affected",
                "version": "17.3.2a"
              },
              {
                "status": "affected",
                "version": "17.3.4"
              },
              {
                "status": "affected",
                "version": "17.3.5"
              },
              {
                "status": "affected",
                "version": "17.3.4a"
              },
              {
                "status": "affected",
                "version": "17.3.6"
              },
              {
                "status": "affected",
                "version": "17.3.4b"
              },
              {
                "status": "affected",
                "version": "17.3.4c"
              },
              {
                "status": "affected",
                "version": "17.3.5a"
              },
              {
                "status": "affected",
                "version": "17.3.5b"
              },
              {
                "status": "affected",
                "version": "17.3.7"
              },
              {
                "status": "affected",
                "version": "17.3.8"
              },
              {
                "status": "affected",
                "version": "17.3.8a"
              },
              {
                "status": "affected",
                "version": "17.4.1"
              },
              {
                "status": "affected",
                "version": "17.4.2"
              },
              {
                "status": "affected",
                "version": "17.4.1a"
              },
              {
                "status": "affected",
                "version": "17.4.1b"
              },
              {
                "status": "affected",
                "version": "17.4.2a"
              },
              {
                "status": "affected",
                "version": "17.5.1"
              },
              {
                "status": "affected",
                "version": "17.5.1a"
              },
              {
                "status": "affected",
                "version": "17.6.1"
              },
              {
                "status": "affected",
                "version": "17.6.2"
              },
              {
                "status": "affected",
                "version": "17.6.1a"
              },
              {
                "status": "affected",
                "version": "17.6.3"
              },
              {
                "status": "affected",
                "version": "17.6.3a"
              },
              {
                "status": "affected",
                "version": "17.6.4"
              },
              {
                "status": "affected",
                "version": "17.6.5"
              },
              {
                "status": "affected",
                "version": "17.6.6"
              },
              {
                "status": "affected",
                "version": "17.6.6a"
              },
              {
                "status": "affected",
                "version": "17.6.5a"
              },
              {
                "status": "affected",
                "version": "17.7.1"
              },
              {
                "status": "affected",
                "version": "17.7.1a"
              },
              {
                "status": "affected",
                "version": "17.7.1b"
              },
              {
                "status": "affected",
                "version": "17.7.2"
              },
              {
                "status": "affected",
                "version": "17.10.1"
              },
              {
                "status": "affected",
                "version": "17.10.1a"
              },
              {
                "status": "affected",
                "version": "17.10.1b"
              },
              {
                "status": "affected",
                "version": "17.8.1"
              },
              {
                "status": "affected",
                "version": "17.8.1a"
              },
              {
                "status": "affected",
                "version": "17.9.1"
              },
              {
                "status": "affected",
                "version": "17.9.2"
              },
              {
                "status": "affected",
                "version": "17.9.1a"
              },
              {
                "status": "affected",
                "version": "17.9.3"
              },
              {
                "status": "affected",
                "version": "17.9.2a"
              },
              {
                "status": "affected",
                "version": "17.9.3a"
              },
              {
                "status": "affected",
                "version": "17.9.4"
              },
              {
                "status": "affected",
                "version": "17.9.4a"
              },
              {
                "status": "affected",
                "version": "17.11.1"
              },
              {
                "status": "affected",
                "version": "17.11.1a"
              },
              {
                "status": "affected",
                "version": "17.12.1"
              },
              {
                "status": "affected",
                "version": "17.12.1a"
              },
              {
                "status": "affected",
                "version": "17.12.2"
              },
              {
                "status": "affected",
                "version": "17.12.2a"
              },
              {
                "status": "affected",
                "version": "17.11.99SW"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20316",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-29T17:11:12.713334Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-02T16:25:58.752Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:42.197Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-dmi-acl-bypass-Xv8FO8Vz",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dmi-acl-bypass-Xv8FO8Vz"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS XE Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "16.3.1"
            },
            {
              "status": "affected",
              "version": "16.3.2"
            },
            {
              "status": "affected",
              "version": "16.3.3"
            },
            {
              "status": "affected",
              "version": "16.3.1a"
            },
            {
              "status": "affected",
              "version": "16.3.4"
            },
            {
              "status": "affected",
              "version": "16.3.5"
            },
            {
              "status": "affected",
              "version": "16.3.5b"
            },
            {
              "status": "affected",
              "version": "16.3.6"
            },
            {
              "status": "affected",
              "version": "16.3.7"
            },
            {
              "status": "affected",
              "version": "16.3.8"
            },
            {
              "status": "affected",
              "version": "16.3.9"
            },
            {
              "status": "affected",
              "version": "16.3.10"
            },
            {
              "status": "affected",
              "version": "16.3.11"
            },
            {
              "status": "affected",
              "version": "16.4.1"
            },
            {
              "status": "affected",
              "version": "16.4.2"
            },
            {
              "status": "affected",
              "version": "16.4.3"
            },
            {
              "status": "affected",
              "version": "16.5.1"
            },
            {
              "status": "affected",
              "version": "16.5.1a"
            },
            {
              "status": "affected",
              "version": "16.5.1b"
            },
            {
              "status": "affected",
              "version": "16.5.2"
            },
            {
              "status": "affected",
              "version": "16.5.3"
            },
            {
              "status": "affected",
              "version": "16.6.1"
            },
            {
              "status": "affected",
              "version": "16.6.2"
            },
            {
              "status": "affected",
              "version": "16.6.3"
            },
            {
              "status": "affected",
              "version": "16.6.4"
            },
            {
              "status": "affected",
              "version": "16.6.5"
            },
            {
              "status": "affected",
              "version": "16.6.4a"
            },
            {
              "status": "affected",
              "version": "16.6.5a"
            },
            {
              "status": "affected",
              "version": "16.6.6"
            },
            {
              "status": "affected",
              "version": "16.6.7"
            },
            {
              "status": "affected",
              "version": "16.6.8"
            },
            {
              "status": "affected",
              "version": "16.6.9"
            },
            {
              "status": "affected",
              "version": "16.6.10"
            },
            {
              "status": "affected",
              "version": "16.7.1"
            },
            {
              "status": "affected",
              "version": "16.7.2"
            },
            {
              "status": "affected",
              "version": "16.7.3"
            },
            {
              "status": "affected",
              "version": "16.8.1"
            },
            {
              "status": "affected",
              "version": "16.8.1a"
            },
            {
              "status": "affected",
              "version": "16.8.1b"
            },
            {
              "status": "affected",
              "version": "16.8.1s"
            },
            {
              "status": "affected",
              "version": "16.8.1c"
            },
            {
              "status": "affected",
              "version": "16.8.2"
            },
            {
              "status": "affected",
              "version": "16.8.3"
            },
            {
              "status": "affected",
              "version": "16.9.1"
            },
            {
              "status": "affected",
              "version": "16.9.2"
            },
            {
              "status": "affected",
              "version": "16.9.1a"
            },
            {
              "status": "affected",
              "version": "16.9.1b"
            },
            {
              "status": "affected",
              "version": "16.9.1s"
            },
            {
              "status": "affected",
              "version": "16.9.3"
            },
            {
              "status": "affected",
              "version": "16.9.4"
            },
            {
              "status": "affected",
              "version": "16.9.3a"
            },
            {
              "status": "affected",
              "version": "16.9.5"
            },
            {
              "status": "affected",
              "version": "16.9.5f"
            },
            {
              "status": "affected",
              "version": "16.9.6"
            },
            {
              "status": "affected",
              "version": "16.9.7"
            },
            {
              "status": "affected",
              "version": "16.9.8"
            },
            {
              "status": "affected",
              "version": "16.10.1"
            },
            {
              "status": "affected",
              "version": "16.10.1a"
            },
            {
              "status": "affected",
              "version": "16.10.1b"
            },
            {
              "status": "affected",
              "version": "16.10.1s"
            },
            {
              "status": "affected",
              "version": "16.10.1e"
            },
            {
              "status": "affected",
              "version": "16.10.2"
            },
            {
              "status": "affected",
              "version": "16.10.3"
            },
            {
              "status": "affected",
              "version": "16.11.1"
            },
            {
              "status": "affected",
              "version": "16.11.1a"
            },
            {
              "status": "affected",
              "version": "16.11.1b"
            },
            {
              "status": "affected",
              "version": "16.11.2"
            },
            {
              "status": "affected",
              "version": "16.11.1s"
            },
            {
              "status": "affected",
              "version": "16.12.1"
            },
            {
              "status": "affected",
              "version": "16.12.1s"
            },
            {
              "status": "affected",
              "version": "16.12.1a"
            },
            {
              "status": "affected",
              "version": "16.12.1c"
            },
            {
              "status": "affected",
              "version": "16.12.2"
            },
            {
              "status": "affected",
              "version": "16.12.2a"
            },
            {
              "status": "affected",
              "version": "16.12.3"
            },
            {
              "status": "affected",
              "version": "16.12.8"
            },
            {
              "status": "affected",
              "version": "16.12.2s"
            },
            {
              "status": "affected",
              "version": "16.12.1t"
            },
            {
              "status": "affected",
              "version": "16.12.4"
            },
            {
              "status": "affected",
              "version": "16.12.3s"
            },
            {
              "status": "affected",
              "version": "16.12.3a"
            },
            {
              "status": "affected",
              "version": "16.12.4a"
            },
            {
              "status": "affected",
              "version": "16.12.5"
            },
            {
              "status": "affected",
              "version": "16.12.6"
            },
            {
              "status": "affected",
              "version": "16.12.5a"
            },
            {
              "status": "affected",
              "version": "16.12.5b"
            },
            {
              "status": "affected",
              "version": "16.12.6a"
            },
            {
              "status": "affected",
              "version": "16.12.7"
            },
            {
              "status": "affected",
              "version": "16.12.9"
            },
            {
              "status": "affected",
              "version": "16.12.10"
            },
            {
              "status": "affected",
              "version": "16.12.10a"
            },
            {
              "status": "affected",
              "version": "16.12.11"
            },
            {
              "status": "affected",
              "version": "17.1.1"
            },
            {
              "status": "affected",
              "version": "17.1.1a"
            },
            {
              "status": "affected",
              "version": "17.1.1s"
            },
            {
              "status": "affected",
              "version": "17.1.1t"
            },
            {
              "status": "affected",
              "version": "17.1.3"
            },
            {
              "status": "affected",
              "version": "17.2.1"
            },
            {
              "status": "affected",
              "version": "17.2.1r"
            },
            {
              "status": "affected",
              "version": "17.2.1a"
            },
            {
              "status": "affected",
              "version": "17.2.1v"
            },
            {
              "status": "affected",
              "version": "17.2.2"
            },
            {
              "status": "affected",
              "version": "17.2.3"
            },
            {
              "status": "affected",
              "version": "17.3.1"
            },
            {
              "status": "affected",
              "version": "17.3.2"
            },
            {
              "status": "affected",
              "version": "17.3.3"
            },
            {
              "status": "affected",
              "version": "17.3.1a"
            },
            {
              "status": "affected",
              "version": "17.3.2a"
            },
            {
              "status": "affected",
              "version": "17.3.4"
            },
            {
              "status": "affected",
              "version": "17.3.5"
            },
            {
              "status": "affected",
              "version": "17.3.4a"
            },
            {
              "status": "affected",
              "version": "17.3.6"
            },
            {
              "status": "affected",
              "version": "17.3.4b"
            },
            {
              "status": "affected",
              "version": "17.3.4c"
            },
            {
              "status": "affected",
              "version": "17.3.5a"
            },
            {
              "status": "affected",
              "version": "17.3.5b"
            },
            {
              "status": "affected",
              "version": "17.3.7"
            },
            {
              "status": "affected",
              "version": "17.3.8"
            },
            {
              "status": "affected",
              "version": "17.3.8a"
            },
            {
              "status": "affected",
              "version": "17.4.1"
            },
            {
              "status": "affected",
              "version": "17.4.2"
            },
            {
              "status": "affected",
              "version": "17.4.1a"
            },
            {
              "status": "affected",
              "version": "17.4.1b"
            },
            {
              "status": "affected",
              "version": "17.4.2a"
            },
            {
              "status": "affected",
              "version": "17.5.1"
            },
            {
              "status": "affected",
              "version": "17.5.1a"
            },
            {
              "status": "affected",
              "version": "17.6.1"
            },
            {
              "status": "affected",
              "version": "17.6.2"
            },
            {
              "status": "affected",
              "version": "17.6.1a"
            },
            {
              "status": "affected",
              "version": "17.6.3"
            },
            {
              "status": "affected",
              "version": "17.6.3a"
            },
            {
              "status": "affected",
              "version": "17.6.4"
            },
            {
              "status": "affected",
              "version": "17.6.5"
            },
            {
              "status": "affected",
              "version": "17.6.6"
            },
            {
              "status": "affected",
              "version": "17.6.6a"
            },
            {
              "status": "affected",
              "version": "17.6.5a"
            },
            {
              "status": "affected",
              "version": "17.7.1"
            },
            {
              "status": "affected",
              "version": "17.7.1a"
            },
            {
              "status": "affected",
              "version": "17.7.1b"
            },
            {
              "status": "affected",
              "version": "17.7.2"
            },
            {
              "status": "affected",
              "version": "17.10.1"
            },
            {
              "status": "affected",
              "version": "17.10.1a"
            },
            {
              "status": "affected",
              "version": "17.10.1b"
            },
            {
              "status": "affected",
              "version": "17.8.1"
            },
            {
              "status": "affected",
              "version": "17.8.1a"
            },
            {
              "status": "affected",
              "version": "17.9.1"
            },
            {
              "status": "affected",
              "version": "17.9.2"
            },
            {
              "status": "affected",
              "version": "17.9.1a"
            },
            {
              "status": "affected",
              "version": "17.9.3"
            },
            {
              "status": "affected",
              "version": "17.9.2a"
            },
            {
              "status": "affected",
              "version": "17.9.3a"
            },
            {
              "status": "affected",
              "version": "17.9.4"
            },
            {
              "status": "affected",
              "version": "17.9.4a"
            },
            {
              "status": "affected",
              "version": "17.11.1"
            },
            {
              "status": "affected",
              "version": "17.11.1a"
            },
            {
              "status": "affected",
              "version": "17.12.1"
            },
            {
              "status": "affected",
              "version": "17.12.1a"
            },
            {
              "status": "affected",
              "version": "17.12.2"
            },
            {
              "status": "affected",
              "version": "17.12.2a"
            },
            {
              "status": "affected",
              "version": "17.11.99SW"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list (ACL).\r\n\r This vulnerability is due to improper handling of error conditions when a successfully authorized device administrator updates an IPv4 ACL using the NETCONF or RESTCONF protocol, and the update would reorder access control entries (ACEs) in the updated ACL. An attacker could exploit this vulnerability by accessing resources that should have been protected across an affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-390",
              "description": "Detection of Error Condition Without Action",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-27T16:49:03.113Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-dmi-acl-bypass-Xv8FO8Vz",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dmi-acl-bypass-Xv8FO8Vz"
        }
      ],
      "source": {
        "advisory": "cisco-sa-dmi-acl-bypass-Xv8FO8Vz",
        "defects": [
          "CSCwf92391",
          "CSCwe12169"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20316",
    "datePublished": "2024-03-27T16:49:03.113Z",
    "dateReserved": "2023-11-08T15:08:07.632Z",
    "dateUpdated": "2024-08-01T21:59:42.197Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-27919 (GCVE-0-2024-27919)
Vulnerability from cvelistv5
Published
2024-04-04 14:30
Modified
2025-02-13 17:47
CWE
  • CWE-390 - Detection of Error Condition Without Action
Summary
Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy's HTTP/2 codec does not reset a request when header map limits have been exceeded. This allows an attacker to send an sequence of CONTINUATION frames without the END_HEADERS bit set causing unlimited memory consumption. This can lead to denial of service through memory exhaustion. Users should upgrade to versions 1.29.2 to mitigate the effects of the CONTINUATION flood. Note that this vulnerability is a regression in Envoy version 1.29.0 and 1.29.1 only. As a workaround, downgrade to version 1.28.1 or earlier or disable HTTP/2 protocol for downstream connections.
Impacted products
Vendor Product Version
envoyproxy envoy Version: >= 1.29.0, < 1.29.2
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:envoyproxy:envoy:1.29.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "envoy",
            "vendor": "envoyproxy",
            "versions": [
              {
                "lessThan": "1.29.2",
                "status": "affected",
                "version": "1.29.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27919",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-16T00:03:09.545061Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-16T00:04:41.158Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:41:55.832Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gghf-vfxp-799r",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gghf-vfxp-799r"
          },
          {
            "name": "https://github.com/envoyproxy/envoy/commit/57a02565532c18eb9df972a3e8974be3ae59f2d5",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/envoyproxy/envoy/commit/57a02565532c18eb9df972a3e8974be3ae59f2d5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/04/05/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/04/03/16"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "envoy",
          "vendor": "envoyproxy",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.29.0, \u003c 1.29.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy\u0027s HTTP/2 codec does not reset a request when header map limits have been exceeded. This allows an attacker to send an sequence of CONTINUATION frames without the END_HEADERS bit set causing unlimited memory consumption. This can lead to denial of service through memory exhaustion. Users should upgrade to versions 1.29.2 to mitigate the effects of the CONTINUATION flood. Note that this vulnerability is a regression in Envoy version 1.29.0 and 1.29.1 only. As a workaround, downgrade to version 1.28.1 or earlier or disable HTTP/2 protocol for downstream connections."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-390",
              "description": "CWE-390: Detection of Error Condition Without Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-01T18:07:45.997Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gghf-vfxp-799r",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gghf-vfxp-799r"
        },
        {
          "name": "https://github.com/envoyproxy/envoy/commit/57a02565532c18eb9df972a3e8974be3ae59f2d5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/envoyproxy/envoy/commit/57a02565532c18eb9df972a3e8974be3ae59f2d5"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/04/05/3"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/04/03/16"
        }
      ],
      "source": {
        "advisory": "GHSA-gghf-vfxp-799r",
        "discovery": "UNKNOWN"
      },
      "title": "HTTP/2: memory exhaustion due to CONTINUATION frame flood"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-27919",
    "datePublished": "2024-04-04T14:30:11.144Z",
    "dateReserved": "2024-02-28T15:14:14.214Z",
    "dateUpdated": "2025-02-13T17:47:14.133Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-30255 (GCVE-0-2024-30255)
Vulnerability from cvelistv5
Published
2024-04-04 19:41
Modified
2025-02-13 17:47
CWE
  • CWE-390 - Detection of Error Condition Without Action
Summary
Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited number of CONTINUATION frames even after exceeding Envoy's header map limits. This allows an attacker to send a sequence of CONTINUATION frames without the END_HEADERS bit set causing CPU utilization, consuming approximately 1 core per 300Mbit/s of traffic and culminating in denial of service through CPU exhaustion. Users should upgrade to version 1.29.3, 1.28.2, 1.27.4, or 1.26.8 to mitigate the effects of the CONTINUATION flood. As a workaround, disable HTTP/2 protocol for downstream connections.
Impacted products
Vendor Product Version
envoyproxy envoy Version: >= 1.29.0, < 1.29.3
Version: >= 1.28.0, < 1.28.2
Version: >= 1.27.0, < 1.27.4
Version: < 1.26.8
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "envoy",
            "vendor": "envoyproxy",
            "versions": [
              {
                "lessThan": "1.29.3",
                "status": "affected",
                "version": "1.29.0",
                "versionType": "custom"
              },
              {
                "lessThan": "1.28.2",
                "status": "affected",
                "version": "1.28.0",
                "versionType": "custom"
              },
              {
                "lessThan": "1.27.4",
                "status": "affected",
                "version": "1.27.0",
                "versionType": "custom"
              },
              {
                "lessThan": "1.26.8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-30255",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-08T14:58:49.679014Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-16T13:47:51.426Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:32:05.423Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/04/05/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/04/03/16"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "envoy",
          "vendor": "envoyproxy",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.29.0, \u003c 1.29.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.28.0, \u003c 1.28.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.27.0, \u003c 1.27.4"
            },
            {
              "status": "affected",
              "version": "\u003c 1.26.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy\u0027s HTTP/2 codec allows the client to send an unlimited number of CONTINUATION frames even after exceeding Envoy\u0027s header map limits. This allows an attacker to send a sequence of CONTINUATION frames without the END_HEADERS bit set causing CPU utilization, consuming approximately 1 core per 300Mbit/s of traffic and culminating in denial of service through CPU exhaustion. Users should upgrade to version 1.29.3, 1.28.2, 1.27.4, or 1.26.8 to mitigate the effects of the CONTINUATION flood. As a workaround, disable HTTP/2 protocol for downstream connections."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-390",
              "description": "CWE-390: Detection of Error Condition Without Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-01T18:07:47.558Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/04/05/3"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/04/03/16"
        }
      ],
      "source": {
        "advisory": "GHSA-j654-3ccm-vfmm",
        "discovery": "UNKNOWN"
      },
      "title": "HTTP/2: CPU exhaustion due to CONTINUATION frame flood"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-30255",
    "datePublished": "2024-04-04T19:41:02.634Z",
    "dateReserved": "2024-03-26T12:52:00.934Z",
    "dateUpdated": "2025-02-13T17:47:46.980Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-49841 (GCVE-0-2024-49841)
Vulnerability from cvelistv5
Published
2025-05-06 08:32
Modified
2025-05-07 18:54
CWE
  • CWE-390 - Detection of Error Condition Without Action
Summary
Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Version: AQT1000
Version: AR8035
Version: FastConnect 6200
Version: FastConnect 6700
Version: FastConnect 6800
Version: FastConnect 6900
Version: FastConnect 7800
Version: QAM8255P
Version: QAM8295P
Version: QAM8620P
Version: QAM8650P
Version: QAM8775P
Version: QAMSRV1H
Version: QAMSRV1M
Version: QCA6174A
Version: QCA6310
Version: QCA6335
Version: QCA6391
Version: QCA6420
Version: QCA6421
Version: QCA6426
Version: QCA6430
Version: QCA6431
Version: QCA6436
Version: QCA6564A
Version: QCA6564AU
Version: QCA6574
Version: QCA6574A
Version: QCA6574AU
Version: QCA6584AU
Version: QCA6595
Version: QCA6595AU
Version: QCA6678AQ
Version: QCA6688AQ
Version: QCA6696
Version: QCA6698AQ
Version: QCA6797AQ
Version: QCA8081
Version: QCA8337
Version: QCA9377
Version: QCC710
Version: QCM5430
Version: QCM6490
Version: QCM8550
Version: QCN6224
Version: QCN6274
Version: QCN9274
Version: QCS5430
Version: QCS6490
Version: QCS8300
Version: QCS8550
Version: QCS9100
Version: QDU1000
Version: QDU1010
Version: QDU1110
Version: QDU1210
Version: QDX1010
Version: QDX1011
Version: QEP8111
Version: QFW7114
Version: QFW7124
Version: QMP1000
Version: QRU1032
Version: QRU1052
Version: QRU1062
Version: QSM8350
Version: Qualcomm Video Collaboration VC3 Platform
Version: Robotics RB3 Platform
Version: SA6145P
Version: SA6155
Version: SA6155P
Version: SA7255P
Version: SA7775P
Version: SA8150P
Version: SA8155
Version: SA8155P
Version: SA8255P
Version: SA8295P
Version: SA8540P
Version: SA8620P
Version: SA8650P
Version: SA8770P
Version: SA8775P
Version: SA9000P
Version: SC8380XP
Version: SD 675
Version: SD 8 Gen1 5G
Version: SD 8CX
Version: SD670
Version: SD675
Version: SD855
Version: SD865 5G
Version: SDX55
Version: SDX57M
Version: SDX80M
Version: SM7250P
Version: SM8735
Version: SM8750
Version: SM8750P
Version: Snapdragon 670 Mobile Platform
Version: Snapdragon 675 Mobile Platform
Version: Snapdragon 678 Mobile Platform (SM6150-AC)
Version: Snapdragon 765 5G Mobile Platform (SM7250-AA)
Version: Snapdragon 765G 5G Mobile Platform (SM7250-AB)
Version: Snapdragon 768G 5G Mobile Platform (SM7250-AC)
Version: Snapdragon 8 Gen 1 Mobile Platform
Version: Snapdragon 8 Gen 3 Mobile Platform
Version: Snapdragon 845 Mobile Platform
Version: Snapdragon 850 Mobile Compute Platform
Version: Snapdragon 855 Mobile Platform
Version: Snapdragon 855+/860 Mobile Platform (SM8150-AC)
Version: Snapdragon 865 5G Mobile Platform
Version: Snapdragon 865+ 5G Mobile Platform (SM8250-AB)
Version: Snapdragon 870 5G Mobile Platform (SM8250-AC)
Version: Snapdragon 888 5G Mobile Platform
Version: Snapdragon 888+ 5G Mobile Platform (SM8350-AC)
Version: Snapdragon 8c Compute Platform (SC8180X-AD) "Poipu Lite"
Version: Snapdragon 8c Compute Platform (SC8180XP-AD) "Poipu Lite"
Version: Snapdragon 8cx Compute Platform (SC8180X-AA, AB)
Version: Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) "Poipu Pro"
Version: Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) "Poipu Pro"
Version: Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB)
Version: Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB)
Version: Snapdragon AR1 Gen 1 Platform
Version: Snapdragon AR1 Gen 1 Platform "Luna1"
Version: Snapdragon AR2 Gen 1 Platform
Version: Snapdragon Auto 5G Modem-RF Gen 2
Version: Snapdragon X24 LTE Modem
Version: Snapdragon X32 5G Modem-RF System
Version: Snapdragon X35 5G Modem-RF System
Version: Snapdragon X50 5G Modem-RF System
Version: Snapdragon X55 5G Modem-RF System
Version: Snapdragon X62 5G Modem-RF System
Version: Snapdragon X65 5G Modem-RF System
Version: Snapdragon X72 5G Modem-RF System
Version: Snapdragon X75 5G Modem-RF System
Version: Snapdragon XR2 5G Platform
Version: SRV1H
Version: SRV1L
Version: SRV1M
Version: SSG2115P
Version: SSG2125P
Version: SXR1230P
Version: SXR2130
Version: SXR2330P
Version: Vision Intelligence 300 Platform
Version: Vision Intelligence 400 Platform
Version: WCD9326
Version: WCD9340
Version: WCD9341
Version: WCD9370
Version: WCD9375
Version: WCD9378
Version: WCD9380
Version: WCD9385
Version: WCD9390
Version: WCD9395
Version: WCN3950
Version: WCN3980
Version: WCN3990
Version: WCN7750
Version: WCN7860
Version: WCN7861
Version: WCN7880
Version: WCN7881
Version: WSA8810
Version: WSA8815
Version: WSA8830
Version: WSA8832
Version: WSA8835
Version: WSA8840
Version: WSA8845
Version: WSA8845H
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49841",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-07T03:55:34.813937Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-07T18:54:32.715Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Auto",
            "Snapdragon Compute",
            "Snapdragon Consumer IOT",
            "Snapdragon Industrial IOT",
            "Snapdragon MDM",
            "Snapdragon Mobile",
            "Snapdragon Technology"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "AQT1000"
            },
            {
              "status": "affected",
              "version": "AR8035"
            },
            {
              "status": "affected",
              "version": "FastConnect 6200"
            },
            {
              "status": "affected",
              "version": "FastConnect 6700"
            },
            {
              "status": "affected",
              "version": "FastConnect 6800"
            },
            {
              "status": "affected",
              "version": "FastConnect 6900"
            },
            {
              "status": "affected",
              "version": "FastConnect 7800"
            },
            {
              "status": "affected",
              "version": "QAM8255P"
            },
            {
              "status": "affected",
              "version": "QAM8295P"
            },
            {
              "status": "affected",
              "version": "QAM8620P"
            },
            {
              "status": "affected",
              "version": "QAM8650P"
            },
            {
              "status": "affected",
              "version": "QAM8775P"
            },
            {
              "status": "affected",
              "version": "QAMSRV1H"
            },
            {
              "status": "affected",
              "version": "QAMSRV1M"
            },
            {
              "status": "affected",
              "version": "QCA6174A"
            },
            {
              "status": "affected",
              "version": "QCA6310"
            },
            {
              "status": "affected",
              "version": "QCA6335"
            },
            {
              "status": "affected",
              "version": "QCA6391"
            },
            {
              "status": "affected",
              "version": "QCA6420"
            },
            {
              "status": "affected",
              "version": "QCA6421"
            },
            {
              "status": "affected",
              "version": "QCA6426"
            },
            {
              "status": "affected",
              "version": "QCA6430"
            },
            {
              "status": "affected",
              "version": "QCA6431"
            },
            {
              "status": "affected",
              "version": "QCA6436"
            },
            {
              "status": "affected",
              "version": "QCA6564A"
            },
            {
              "status": "affected",
              "version": "QCA6564AU"
            },
            {
              "status": "affected",
              "version": "QCA6574"
            },
            {
              "status": "affected",
              "version": "QCA6574A"
            },
            {
              "status": "affected",
              "version": "QCA6574AU"
            },
            {
              "status": "affected",
              "version": "QCA6584AU"
            },
            {
              "status": "affected",
              "version": "QCA6595"
            },
            {
              "status": "affected",
              "version": "QCA6595AU"
            },
            {
              "status": "affected",
              "version": "QCA6678AQ"
            },
            {
              "status": "affected",
              "version": "QCA6688AQ"
            },
            {
              "status": "affected",
              "version": "QCA6696"
            },
            {
              "status": "affected",
              "version": "QCA6698AQ"
            },
            {
              "status": "affected",
              "version": "QCA6797AQ"
            },
            {
              "status": "affected",
              "version": "QCA8081"
            },
            {
              "status": "affected",
              "version": "QCA8337"
            },
            {
              "status": "affected",
              "version": "QCA9377"
            },
            {
              "status": "affected",
              "version": "QCC710"
            },
            {
              "status": "affected",
              "version": "QCM5430"
            },
            {
              "status": "affected",
              "version": "QCM6490"
            },
            {
              "status": "affected",
              "version": "QCM8550"
            },
            {
              "status": "affected",
              "version": "QCN6224"
            },
            {
              "status": "affected",
              "version": "QCN6274"
            },
            {
              "status": "affected",
              "version": "QCN9274"
            },
            {
              "status": "affected",
              "version": "QCS5430"
            },
            {
              "status": "affected",
              "version": "QCS6490"
            },
            {
              "status": "affected",
              "version": "QCS8300"
            },
            {
              "status": "affected",
              "version": "QCS8550"
            },
            {
              "status": "affected",
              "version": "QCS9100"
            },
            {
              "status": "affected",
              "version": "QDU1000"
            },
            {
              "status": "affected",
              "version": "QDU1010"
            },
            {
              "status": "affected",
              "version": "QDU1110"
            },
            {
              "status": "affected",
              "version": "QDU1210"
            },
            {
              "status": "affected",
              "version": "QDX1010"
            },
            {
              "status": "affected",
              "version": "QDX1011"
            },
            {
              "status": "affected",
              "version": "QEP8111"
            },
            {
              "status": "affected",
              "version": "QFW7114"
            },
            {
              "status": "affected",
              "version": "QFW7124"
            },
            {
              "status": "affected",
              "version": "QMP1000"
            },
            {
              "status": "affected",
              "version": "QRU1032"
            },
            {
              "status": "affected",
              "version": "QRU1052"
            },
            {
              "status": "affected",
              "version": "QRU1062"
            },
            {
              "status": "affected",
              "version": "QSM8350"
            },
            {
              "status": "affected",
              "version": "Qualcomm Video Collaboration VC3 Platform"
            },
            {
              "status": "affected",
              "version": "Robotics RB3 Platform"
            },
            {
              "status": "affected",
              "version": "SA6145P"
            },
            {
              "status": "affected",
              "version": "SA6155"
            },
            {
              "status": "affected",
              "version": "SA6155P"
            },
            {
              "status": "affected",
              "version": "SA7255P"
            },
            {
              "status": "affected",
              "version": "SA7775P"
            },
            {
              "status": "affected",
              "version": "SA8150P"
            },
            {
              "status": "affected",
              "version": "SA8155"
            },
            {
              "status": "affected",
              "version": "SA8155P"
            },
            {
              "status": "affected",
              "version": "SA8255P"
            },
            {
              "status": "affected",
              "version": "SA8295P"
            },
            {
              "status": "affected",
              "version": "SA8540P"
            },
            {
              "status": "affected",
              "version": "SA8620P"
            },
            {
              "status": "affected",
              "version": "SA8650P"
            },
            {
              "status": "affected",
              "version": "SA8770P"
            },
            {
              "status": "affected",
              "version": "SA8775P"
            },
            {
              "status": "affected",
              "version": "SA9000P"
            },
            {
              "status": "affected",
              "version": "SC8380XP"
            },
            {
              "status": "affected",
              "version": "SD 675"
            },
            {
              "status": "affected",
              "version": "SD 8 Gen1 5G"
            },
            {
              "status": "affected",
              "version": "SD 8CX"
            },
            {
              "status": "affected",
              "version": "SD670"
            },
            {
              "status": "affected",
              "version": "SD675"
            },
            {
              "status": "affected",
              "version": "SD855"
            },
            {
              "status": "affected",
              "version": "SD865 5G"
            },
            {
              "status": "affected",
              "version": "SDX55"
            },
            {
              "status": "affected",
              "version": "SDX57M"
            },
            {
              "status": "affected",
              "version": "SDX80M"
            },
            {
              "status": "affected",
              "version": "SM7250P"
            },
            {
              "status": "affected",
              "version": "SM8735"
            },
            {
              "status": "affected",
              "version": "SM8750"
            },
            {
              "status": "affected",
              "version": "SM8750P"
            },
            {
              "status": "affected",
              "version": "Snapdragon 670 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 675 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 678 Mobile Platform (SM6150-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 765 5G Mobile Platform (SM7250-AA)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 765G 5G Mobile Platform (SM7250-AB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 768G 5G Mobile Platform (SM7250-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8 Gen 1 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8 Gen 3 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 845 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 850 Mobile Compute Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 855 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 855+/860 Mobile Platform (SM8150-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 865 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 870 5G Mobile Platform (SM8250-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 888 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 888+ 5G Mobile Platform (SM8350-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8c Compute Platform (SC8180X-AD) \"Poipu Lite\""
            },
            {
              "status": "affected",
              "version": "Snapdragon 8c Compute Platform (SC8180XP-AD) \"Poipu Lite\""
            },
            {
              "status": "affected",
              "version": "Snapdragon 8cx Compute Platform (SC8180X-AA, AB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) \"Poipu Pro\""
            },
            {
              "status": "affected",
              "version": "Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) \"Poipu Pro\""
            },
            {
              "status": "affected",
              "version": "Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon AR1 Gen 1 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon AR1 Gen 1 Platform \"Luna1\""
            },
            {
              "status": "affected",
              "version": "Snapdragon AR2 Gen 1 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Auto 5G Modem-RF Gen 2"
            },
            {
              "status": "affected",
              "version": "Snapdragon X24 LTE Modem"
            },
            {
              "status": "affected",
              "version": "Snapdragon X32 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X35 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X50 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X55 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X62 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X65 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X72 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X75 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon XR2 5G Platform"
            },
            {
              "status": "affected",
              "version": "SRV1H"
            },
            {
              "status": "affected",
              "version": "SRV1L"
            },
            {
              "status": "affected",
              "version": "SRV1M"
            },
            {
              "status": "affected",
              "version": "SSG2115P"
            },
            {
              "status": "affected",
              "version": "SSG2125P"
            },
            {
              "status": "affected",
              "version": "SXR1230P"
            },
            {
              "status": "affected",
              "version": "SXR2130"
            },
            {
              "status": "affected",
              "version": "SXR2330P"
            },
            {
              "status": "affected",
              "version": "Vision Intelligence 300 Platform"
            },
            {
              "status": "affected",
              "version": "Vision Intelligence 400 Platform"
            },
            {
              "status": "affected",
              "version": "WCD9326"
            },
            {
              "status": "affected",
              "version": "WCD9340"
            },
            {
              "status": "affected",
              "version": "WCD9341"
            },
            {
              "status": "affected",
              "version": "WCD9370"
            },
            {
              "status": "affected",
              "version": "WCD9375"
            },
            {
              "status": "affected",
              "version": "WCD9378"
            },
            {
              "status": "affected",
              "version": "WCD9380"
            },
            {
              "status": "affected",
              "version": "WCD9385"
            },
            {
              "status": "affected",
              "version": "WCD9390"
            },
            {
              "status": "affected",
              "version": "WCD9395"
            },
            {
              "status": "affected",
              "version": "WCN3950"
            },
            {
              "status": "affected",
              "version": "WCN3980"
            },
            {
              "status": "affected",
              "version": "WCN3990"
            },
            {
              "status": "affected",
              "version": "WCN7750"
            },
            {
              "status": "affected",
              "version": "WCN7860"
            },
            {
              "status": "affected",
              "version": "WCN7861"
            },
            {
              "status": "affected",
              "version": "WCN7880"
            },
            {
              "status": "affected",
              "version": "WCN7881"
            },
            {
              "status": "affected",
              "version": "WSA8810"
            },
            {
              "status": "affected",
              "version": "WSA8815"
            },
            {
              "status": "affected",
              "version": "WSA8830"
            },
            {
              "status": "affected",
              "version": "WSA8832"
            },
            {
              "status": "affected",
              "version": "WSA8835"
            },
            {
              "status": "affected",
              "version": "WSA8840"
            },
            {
              "status": "affected",
              "version": "WSA8845"
            },
            {
              "status": "affected",
              "version": "WSA8845H"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-390",
              "description": "CWE-390 Detection of Error Condition Without Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-06T08:32:18.628Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2025-bulletin.html"
        }
      ],
      "title": "Detection of Error Condition Without Action in Hypervisor"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2024-49841",
    "datePublished": "2025-05-06T08:32:18.628Z",
    "dateReserved": "2024-10-20T17:18:43.216Z",
    "dateUpdated": "2025-05-07T18:54:32.715Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-25204 (GCVE-0-2025-25204)
Vulnerability from cvelistv5
Published
2025-02-14 16:38
Modified
2025-03-03 19:13
CWE
  • CWE-390 - Detection of Error Condition Without Action
Summary
`gh` is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool `gh attestation verify` causes it to return a zero exit status when no attestations are present. This behavior is incorrect: When no attestations are present, `gh attestation verify` should return a non-zero exit status code, thereby signaling verification failure. An attacker can abuse this flaw to, for example, deploy malicious artifacts in any system that uses `gh attestation verify`'s exit codes to gatekeep deployments. Users are advised to update `gh` to patched version `v2.67.0` as soon as possible.
Impacted products
Vendor Product Version
cli cli Version: >= 2.49.0, < 2.67.0
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-25204",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-19T15:29:05.799010Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-03T19:13:28.888Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cli",
          "vendor": "cli",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 2.49.0, \u003c 2.67.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "`gh` is GitHub\u2019s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub\u0027s Artifact Attestation cli tool `gh attestation verify` causes it to return a zero exit status when no attestations are present. This behavior is incorrect: When no attestations are present, `gh attestation verify` should return a non-zero exit status code, thereby signaling verification failure. An attacker can abuse this flaw to, for example, deploy malicious artifacts in any system that uses `gh attestation verify`\u0027s exit codes to gatekeep deployments. Users are advised to update `gh` to patched version `v2.67.0` as soon as possible."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-390",
              "description": "CWE-390: Detection of Error Condition Without Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-14T16:38:29.038Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/cli/cli/security/advisories/GHSA-fgw4-v983-mgp8",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/cli/cli/security/advisories/GHSA-fgw4-v983-mgp8"
        },
        {
          "name": "https://github.com/cli/cli/issues/10418",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/cli/cli/issues/10418"
        },
        {
          "name": "https://github.com/cli/cli/pull/10421",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/cli/cli/pull/10421"
        }
      ],
      "source": {
        "advisory": "GHSA-fgw4-v983-mgp8",
        "discovery": "UNKNOWN"
      },
      "title": "`gh attestation verify` returns incorrect exit code during verification if no attestations are present"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-25204",
    "datePublished": "2025-02-14T16:38:29.038Z",
    "dateReserved": "2025-02-03T19:30:53.401Z",
    "dateUpdated": "2025-03-03T19:13:28.888Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation

Phase: Implementation

Description:

  • Properly handle each exception. This is the recommended solution. Ensure that all exceptions are handled in such a way that you can be sure of the state of your system at any given moment.
Mitigation

Phase: Implementation

Description:

  • If a function returns an error, it is important to either fix the problem and try again, alert the user that an error has happened and let the program continue, or alert the user and close and cleanup the program.
Mitigation

Phase: Testing

Description:

  • Subject the product to extensive testing to discover some of the possible instances of where/how errors or return values are not handled. Consider testing techniques such as ad hoc, equivalence partitioning, robustness and fault tolerance, mutation, and fuzzing.

No CAPEC attack patterns related to this CWE.

Back to CWE stats page