CWE-390
Detection of Error Condition Without Action
The product detects a specific error, but takes no actions to handle the error.
CVE-2017-7485 (GCVE-0-2017-7485)
Vulnerability from cvelistv5
Published
2017-05-12 19:00
Modified
2024-08-05 16:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server.
References
► | URL | Tags | |||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
The PostgreSQL Global Development Group | PostgreSQL |
Version: 9.3 - 9.6 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:04:11.584Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1038476", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038476" }, { "name": "DSA-3851", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3851" }, { "name": "RHSA-2017:2425", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2425" }, { "name": "RHSA-2017:1678", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1678" }, { "name": "RHSA-2017:1677", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1677" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.postgresql.org/about/news/1746/" }, { "name": "RHSA-2017:1838", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1838" }, { "name": "98461", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98461" }, { "name": "GLSA-201710-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201710-06" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "PostgreSQL", "vendor": "The PostgreSQL Global Development Group", "versions": [ { "status": "affected", "version": "9.3 - 9.6" } ] } ], "datePublic": "2017-05-12T00:00:00", "descriptions": [ { "lang": "en", "value": "In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-390", "description": "CWE-390", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "1038476", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038476" }, { "name": "DSA-3851", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3851" }, { "name": "RHSA-2017:2425", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2425" }, { "name": "RHSA-2017:1678", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1678" }, { "name": "RHSA-2017:1677", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1677" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.postgresql.org/about/news/1746/" }, { "name": "RHSA-2017:1838", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1838" }, { "name": "98461", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98461" }, { "name": "GLSA-201710-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201710-06" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-7485", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "PostgreSQL", "version": { "version_data": [ { "version_value": "9.3 - 9.6" } ] } } ] }, "vendor_name": "The PostgreSQL Global Development Group" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-390" } ] } ] }, "references": { "reference_data": [ { "name": "1038476", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038476" }, { "name": "DSA-3851", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3851" }, { "name": "RHSA-2017:2425", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2425" }, { "name": "RHSA-2017:1678", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1678" }, { "name": "RHSA-2017:1677", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1677" }, { "name": "https://www.postgresql.org/about/news/1746/", "refsource": "CONFIRM", "url": "https://www.postgresql.org/about/news/1746/" }, { "name": "RHSA-2017:1838", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1838" }, { "name": "98461", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98461" }, { "name": "GLSA-201710-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-06" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-7485", "datePublished": "2017-05-12T19:00:00", "dateReserved": "2017-04-05T00:00:00", "dateUpdated": "2024-08-05T16:04:11.584Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-5051 (GCVE-0-2019-5051)
Vulnerability from cvelistv5
Published
2019-07-03 18:43
Modified
2024-08-04 19:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-390 - Detection of Error Condition Without Action
Summary
An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Simple DirectMedia |
Version: Simple DirectMedia Layer SDL2_image 2.0.4 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:47:55.830Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html" }, { "name": "openSUSE-SU-2019:2070", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html" }, { "name": "openSUSE-SU-2019:2108", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html" }, { "name": "USN-4238-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4238-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0820" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Simple DirectMedia", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Simple DirectMedia Layer SDL2_image 2.0.4" } ] } ], "descriptions": [ { "lang": "en", "value": "An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-390", "description": "CWE-390: Detection of Error Condition Without Action", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-19T17:33:25", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos" }, "references": [ { "name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html" }, { "name": "openSUSE-SU-2019:2070", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html" }, { "name": "openSUSE-SU-2019:2108", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html" }, { "name": "USN-4238-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4238-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0820" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "talos-cna@cisco.com", "ID": "CVE-2019-5051", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Simple DirectMedia", "version": { "version_data": [ { "version_value": "Simple DirectMedia Layer SDL2_image 2.0.4" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability." } ] }, "impact": { "cvss": { "baseScore": 8.8, "baseSeverity": "High", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-390: Detection of Error Condition Without Action" } ] } ] }, "references": { "reference_data": [ { "name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html" }, { "name": "openSUSE-SU-2019:2070", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html" }, { "name": "openSUSE-SU-2019:2108", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html" }, { "name": "USN-4238-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4238-1/" }, { "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0820", "refsource": "MISC", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0820" } ] } } } }, "cveMetadata": { "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2019-5051", "datePublished": "2019-07-03T18:43:48", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2024-08-04T19:47:55.830Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-40391 (GCVE-0-2021-40391)
Vulnerability from cvelistv5
Published
2021-11-19 18:53
Modified
2024-08-04 02:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-390 - Detection of Error Condition Without Action
Summary
An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T02:44:09.158Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1402" }, { "name": "[debian-lts-announce] 20211203 [SECURITY] [DLA 2839-1] gerbv security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00003.html" }, { "name": "FEDORA-2022-4a3ef86baa", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUM5GIUZJ7AVHVCXDZW6ZVCAPV2ISN47/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Gerbv", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Gerbv 2.7.0 , Gerbv dev (commit b5f1eacd) ,Gerbv forked dev (commit 71493260)" } ] } ], "descriptions": [ { "lang": "en", "value": "An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-390", "description": "CWE-390: Detection of Error Condition Without Action", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-09T03:06:21", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1402" }, { "name": "[debian-lts-announce] 20211203 [SECURITY] [DLA 2839-1] gerbv security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00003.html" }, { "name": "FEDORA-2022-4a3ef86baa", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUM5GIUZJ7AVHVCXDZW6ZVCAPV2ISN47/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "talos-cna@cisco.com", "ID": "CVE-2021-40391", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Gerbv", "version": { "version_data": [ { "version_value": "Gerbv 2.7.0 , Gerbv dev (commit b5f1eacd) ,Gerbv forked dev (commit 71493260)" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability." } ] }, "impact": { "cvss": { "baseScore": 10, "baseSeverity": null, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-390: Detection of Error Condition Without Action" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1402", "refsource": "MISC", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1402" }, { "name": "[debian-lts-announce] 20211203 [SECURITY] [DLA 2839-1] gerbv security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00003.html" }, { "name": "FEDORA-2022-4a3ef86baa", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUM5GIUZJ7AVHVCXDZW6ZVCAPV2ISN47/" } ] } } } }, "cveMetadata": { "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2021-40391", "datePublished": "2021-11-19T18:53:49", "dateReserved": "2021-09-01T00:00:00", "dateUpdated": "2024-08-04T02:44:09.158Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-11942 (GCVE-0-2024-11942)
Vulnerability from cvelistv5
Published
2024-12-05 14:42
Modified
2024-12-05 15:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-390 - Detection of Error Condition Without Action
Summary
A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Drupal | Drupal Core |
Version: 10.0.0 ≤ |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:drupal:drupal_core:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "drupal_core", "vendor": "drupal", "versions": [ { "lessThan": "10.2.10", "status": "affected", "version": "10.0.0", "versionType": "semver" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-11942", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-05T15:32:51.782373Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-05T15:41:56.600Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://www.drupal.org/project/drupal", "defaultStatus": "unaffected", "product": "Drupal Core", "vendor": "Drupal", "versions": [ { "lessThan": "10.2.10", "status": "affected", "version": "10.0.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Pierre Rudloff" }, { "lang": "en", "type": "remediation developer", "value": "catch" }, { "lang": "en", "type": "remediation developer", "value": "Lee Rowlands" }, { "lang": "en", "type": "remediation developer", "value": "Benji Fisher" }, { "lang": "en", "type": "remediation developer", "value": "Kim Pepper" }, { "lang": "en", "type": "remediation developer", "value": "Wim Leers" }, { "lang": "en", "type": "remediation developer", "value": "xjm" }, { "lang": "en", "type": "coordinator", "value": "Dave Long" }, { "lang": "en", "type": "coordinator", "value": "Juraj Nemec" } ], "datePublic": "2024-10-17T00:09:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A vulnerability in Drupal Core allows File Manipulation.\u003cp\u003eThis issue affects Drupal Core: from 10.0.0 before 10.2.10.\u003c/p\u003e" } ], "value": "A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10." } ], "impacts": [ { "capecId": "CAPEC-165", "descriptions": [ { "lang": "en", "value": "CAPEC-165 File Manipulation" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-390", "description": "CWE-390 Detection of Error Condition Without Action", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-05T14:42:07.812Z", "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal" }, "references": [ { "url": "https://www.drupal.org/sa-core-2024-002" } ], "source": { "discovery": "UNKNOWN" }, "title": "Drupal core - Moderately critical - Improper error handling - SA-CORE-2024-002", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "assignerShortName": "drupal", "cveId": "CVE-2024-11942", "datePublished": "2024-12-05T14:42:07.812Z", "dateReserved": "2024-11-27T23:16:49.385Z", "dateUpdated": "2024-12-05T15:41:56.600Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-12086 (GCVE-0-2024-12086)
Vulnerability from cvelistv5
Published
2025-01-14 17:37
Modified
2025-07-29 09:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-390 - Detection of Error Condition Without Action
Summary
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
► |
Version: 0 ≤ 3.3.0 |
|||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-12086", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-26T14:14:25.165183Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-26T14:20:53.620Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "references": [ { "tags": [ "exploit" ], "url": "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/RsyncProject/rsync", "defaultStatus": "unaffected", "packageName": "rsync", "versions": [ { "lessThanOrEqual": "3.3.0", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "affected", "packageName": "rsync", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "rsync", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "rsync", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "rsync", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "rsync", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue." } ], "datePublic": "2025-01-14T15:06:00.000Z", "descriptions": [ { "lang": "en", "value": "A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client\u0027s machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-390", "description": "Detection of Error Condition Without Action", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-29T09:31:17.273Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-12086" }, { "name": "RHBZ#2330577", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330577" }, { "url": "https://kb.cert.org/vuls/id/952657" } ], "timeline": [ { "lang": "en", "time": "2024-12-05T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2025-01-14T15:06:00+00:00", "value": "Made public." } ], "title": "Rsync: rsync server leaks arbitrary client files", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-390: Detection of Error Condition Without Action" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-12086", "datePublished": "2025-01-14T17:37:54.960Z", "dateReserved": "2024-12-03T08:57:58.397Z", "dateUpdated": "2025-07-29T09:31:17.273Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-20316 (GCVE-0-2024-20316)
Vulnerability from cvelistv5
Published
2024-03-27 16:49
Modified
2024-08-01 21:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-390 - Detection of Error Condition Without Action
Summary
A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list (ACL).
This vulnerability is due to improper handling of error conditions when a successfully authorized device administrator updates an IPv4 ACL using the NETCONF or RESTCONF protocol, and the update would reorder access control entries (ACEs) in the updated ACL. An attacker could exploit this vulnerability by accessing resources that should have been protected across an affected device.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Cisco | Cisco IOS XE Software |
Version: 16.3.1 Version: 16.3.2 Version: 16.3.3 Version: 16.3.1a Version: 16.3.4 Version: 16.3.5 Version: 16.3.5b Version: 16.3.6 Version: 16.3.7 Version: 16.3.8 Version: 16.3.9 Version: 16.3.10 Version: 16.3.11 Version: 16.4.1 Version: 16.4.2 Version: 16.4.3 Version: 16.5.1 Version: 16.5.1a Version: 16.5.1b Version: 16.5.2 Version: 16.5.3 Version: 16.6.1 Version: 16.6.2 Version: 16.6.3 Version: 16.6.4 Version: 16.6.5 Version: 16.6.4a Version: 16.6.5a Version: 16.6.6 Version: 16.6.7 Version: 16.6.8 Version: 16.6.9 Version: 16.6.10 Version: 16.7.1 Version: 16.7.2 Version: 16.7.3 Version: 16.8.1 Version: 16.8.1a Version: 16.8.1b Version: 16.8.1s Version: 16.8.1c Version: 16.8.2 Version: 16.8.3 Version: 16.9.1 Version: 16.9.2 Version: 16.9.1a Version: 16.9.1b Version: 16.9.1s Version: 16.9.3 Version: 16.9.4 Version: 16.9.3a Version: 16.9.5 Version: 16.9.5f Version: 16.9.6 Version: 16.9.7 Version: 16.9.8 Version: 16.10.1 Version: 16.10.1a Version: 16.10.1b Version: 16.10.1s Version: 16.10.1e Version: 16.10.2 Version: 16.10.3 Version: 16.11.1 Version: 16.11.1a Version: 16.11.1b Version: 16.11.2 Version: 16.11.1s Version: 16.12.1 Version: 16.12.1s Version: 16.12.1a Version: 16.12.1c Version: 16.12.2 Version: 16.12.2a Version: 16.12.3 Version: 16.12.8 Version: 16.12.2s Version: 16.12.1t Version: 16.12.4 Version: 16.12.3s Version: 16.12.3a Version: 16.12.4a Version: 16.12.5 Version: 16.12.6 Version: 16.12.5a Version: 16.12.5b Version: 16.12.6a Version: 16.12.7 Version: 16.12.9 Version: 16.12.10 Version: 16.12.10a Version: 16.12.11 Version: 17.1.1 Version: 17.1.1a Version: 17.1.1s Version: 17.1.1t Version: 17.1.3 Version: 17.2.1 Version: 17.2.1r Version: 17.2.1a Version: 17.2.1v Version: 17.2.2 Version: 17.2.3 Version: 17.3.1 Version: 17.3.2 Version: 17.3.3 Version: 17.3.1a Version: 17.3.2a Version: 17.3.4 Version: 17.3.5 Version: 17.3.4a Version: 17.3.6 Version: 17.3.4b Version: 17.3.4c Version: 17.3.5a Version: 17.3.5b Version: 17.3.7 Version: 17.3.8 Version: 17.3.8a Version: 17.4.1 Version: 17.4.2 Version: 17.4.1a Version: 17.4.1b Version: 17.4.2a Version: 17.5.1 Version: 17.5.1a Version: 17.6.1 Version: 17.6.2 Version: 17.6.1a Version: 17.6.3 Version: 17.6.3a Version: 17.6.4 Version: 17.6.5 Version: 17.6.6 Version: 17.6.6a Version: 17.6.5a Version: 17.7.1 Version: 17.7.1a Version: 17.7.1b Version: 17.7.2 Version: 17.10.1 Version: 17.10.1a Version: 17.10.1b Version: 17.8.1 Version: 17.8.1a Version: 17.9.1 Version: 17.9.2 Version: 17.9.1a Version: 17.9.3 Version: 17.9.2a Version: 17.9.3a Version: 17.9.4 Version: 17.9.4a Version: 17.11.1 Version: 17.11.1a Version: 17.12.1 Version: 17.12.1a Version: 17.12.2 Version: 17.12.2a Version: 17.11.99SW |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.4:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.5:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.5b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.6:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.9:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.10:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.11:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.5.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.5.1b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.5.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.5.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.4:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.5:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.4a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.5a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.6:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.9:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.7.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.7.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.8.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.8.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.8.1b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.8.1s:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.8.1c:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.8.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.8.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.1b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.1s:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.4:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.3a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.5:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.5f:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.6:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.10.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.10.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.10.1b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.10.1s:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.10.1e:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.10.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.10.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.11.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.11.1b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.11.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.11.1s:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.1s:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.1c:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.2a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.2s:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.1t:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.4:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.3s:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.3a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.4a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.5:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.6:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.5a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.5b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.6a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.9:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.10:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.10a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.11:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.1.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.1.1s:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.1.1t:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.2.1r:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.2.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.2.1v:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.2a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.4:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.5:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.4a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.6:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.4b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.4c:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.5a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.5b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.8a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.4.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.4.1b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.4.2a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.5.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.3a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.4:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.5:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.6:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.6a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.5a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.7.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.7.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.7.1b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.7.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.10.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.10.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.10.1b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.8.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.8.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.2a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.3a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.4:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.4a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.11.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.11.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.12.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.12.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.12.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.12.2a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.11.99SW:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ios_xe", "vendor": "cisco", "versions": [ { "status": "affected", "version": "16.3.1" }, { "status": "affected", "version": "16.3.2" }, { "status": "affected", "version": "16.3.3" }, { "status": "affected", "version": "16.3.1a" }, { "status": "affected", "version": "16.3.4" }, { "status": "affected", "version": "16.3.5" }, { "status": "affected", "version": "16.3.5b" }, { "status": "affected", "version": "16.3.6" }, { "status": "affected", "version": "16.3.7" }, { "status": "affected", "version": "16.3.8" }, { "status": "affected", "version": "16.3.9" }, { "status": "affected", "version": "16.3.10" }, { "status": "affected", "version": "16.3.11" }, { "status": "affected", "version": "16.4.1" }, { "status": "affected", "version": "16.4.2" }, { "status": "affected", "version": "16.4.3" }, { "status": "affected", "version": "16.5.1" }, { "status": "affected", "version": "16.5.1a" }, { "status": "affected", "version": "16.5.1b" }, { "status": "affected", "version": "16.5.2" }, { "status": "affected", "version": "16.5.3" }, { "status": "affected", "version": "16.6.1" }, { "status": "affected", "version": "16.6.2" }, { "status": "affected", "version": "16.6.3" }, { "status": "affected", "version": "16.6.4" }, { "status": "affected", "version": "16.6.5" }, { "status": "affected", "version": "16.6.4a" }, { "status": "affected", "version": "16.6.5a" }, { "status": "affected", "version": "16.6.6" }, { "status": "affected", "version": "16.6.7" }, { "status": "affected", "version": "16.6.8" }, { "status": "affected", "version": "16.6.9" }, { "status": "affected", "version": "16.6.10" }, { "status": "affected", "version": "16.7.1" }, { "status": "affected", "version": "16.7.2" }, { "status": "affected", "version": "16.7.3" }, { "status": "affected", "version": "16.8.1" }, { "status": "affected", "version": "16.8.1a" }, { "status": "affected", "version": "16.8.1b" }, { "status": "affected", "version": "16.8.1s" }, { "status": "affected", "version": "16.8.1c" }, { "status": "affected", "version": "16.8.2" }, { "status": "affected", "version": "16.8.3" }, { "status": "affected", "version": "16.9.1" }, { "status": "affected", "version": "16.9.2" }, { "status": "affected", "version": "16.9.1a" }, { "status": "affected", "version": "16.9.1b" }, { "status": "affected", "version": "16.9.1s" }, { "status": "affected", "version": "16.9.3" }, { "status": "affected", "version": "16.9.4" }, { "status": "affected", "version": "16.9.3a" }, { "status": "affected", "version": "16.9.5" }, { "status": "affected", "version": "16.9.5f" }, { "status": "affected", "version": "16.9.6" }, { "status": "affected", "version": "16.9.7" }, { "status": "affected", "version": "16.9.8" }, { "status": "affected", "version": "16.10.1" }, { "status": "affected", "version": "16.10.1a" }, { "status": "affected", "version": "16.10.1b" }, { "status": "affected", "version": "16.10.1s" }, { "status": "affected", "version": "16.10.1e" }, { "status": "affected", "version": "16.10.2" }, { "status": "affected", "version": "16.10.3" }, { "status": "affected", "version": "16.11.1" }, { "status": "affected", "version": "16.11.1a" }, { "status": "affected", "version": "16.11.1b" }, { "status": "affected", "version": "16.11.2" }, { "status": "affected", "version": "16.11.1s" }, { "status": "affected", "version": "16.12.1" }, { "status": "affected", "version": "16.12.1s" }, { "status": "affected", "version": "16.12.1a" }, { "status": "affected", "version": "16.12.1c" }, { "status": "affected", "version": "16.12.2" }, { "status": "affected", "version": "16.12.2a" }, { "status": "affected", "version": "16.12.3" }, { "status": "affected", "version": "16.12.8" }, { "status": "affected", "version": "16.12.2s" }, { "status": "affected", "version": "16.12.1t" }, { "status": "affected", "version": "16.12.4" }, { "status": "affected", "version": "16.12.3s" }, { "status": "affected", "version": "16.12.3a" }, { "status": "affected", "version": "16.12.4a" }, { "status": "affected", "version": "16.12.5" }, { "status": "affected", "version": "16.12.6" }, { "status": "affected", "version": "16.12.5a" }, { "status": "affected", "version": "16.12.5b" }, { "status": "affected", "version": "16.12.6a" }, { "status": "affected", "version": "16.12.7" }, { "status": "affected", "version": "16.12.9" }, { "status": "affected", "version": "16.12.10" }, { "status": "affected", "version": "16.12.10a" }, { "status": "affected", "version": "16.12.11" }, { "status": "affected", "version": "17.1.1" }, { "status": "affected", "version": "17.1.1a" }, { "status": "affected", "version": "17.1.1s" }, { "status": "affected", "version": "17.1.1t" }, { "status": "affected", "version": "17.1.3" }, { "status": "affected", "version": "17.2.1" }, { "status": "affected", "version": "17.2.1r" }, { "status": "affected", "version": "17.2.1a" }, { "status": "affected", "version": "17.2.1v" }, { "status": "affected", "version": "17.2.2" }, { "status": "affected", "version": "17.2.3" }, { "status": "affected", "version": "17.3.1" }, { "status": "affected", "version": "17.3.2" }, { "status": "affected", "version": "17.3.3" }, { "status": "affected", "version": "17.3.1a" }, { "status": "affected", "version": "17.3.2a" }, { "status": "affected", "version": "17.3.4" }, { "status": "affected", "version": "17.3.5" }, { "status": "affected", "version": "17.3.4a" }, { "status": "affected", "version": "17.3.6" }, { "status": "affected", "version": "17.3.4b" }, { "status": "affected", "version": "17.3.4c" }, { "status": "affected", "version": "17.3.5a" }, { "status": "affected", "version": "17.3.5b" }, { "status": "affected", "version": "17.3.7" }, { "status": "affected", "version": "17.3.8" }, { "status": "affected", "version": "17.3.8a" }, { "status": "affected", "version": "17.4.1" }, { "status": "affected", "version": "17.4.2" }, { "status": "affected", "version": "17.4.1a" }, { "status": "affected", "version": "17.4.1b" }, { "status": "affected", "version": "17.4.2a" }, { "status": "affected", "version": "17.5.1" }, { "status": "affected", "version": "17.5.1a" }, { "status": "affected", "version": "17.6.1" }, { "status": "affected", "version": "17.6.2" }, { "status": "affected", "version": "17.6.1a" }, { "status": "affected", "version": "17.6.3" }, { "status": "affected", "version": "17.6.3a" }, { "status": "affected", "version": "17.6.4" }, { "status": "affected", "version": "17.6.5" }, { "status": "affected", "version": "17.6.6" }, { "status": "affected", "version": "17.6.6a" }, { "status": "affected", "version": "17.6.5a" }, { "status": "affected", "version": "17.7.1" }, { "status": "affected", "version": "17.7.1a" }, { "status": "affected", "version": "17.7.1b" }, { "status": "affected", "version": "17.7.2" }, { "status": "affected", "version": "17.10.1" }, { "status": "affected", "version": "17.10.1a" }, { "status": "affected", "version": "17.10.1b" }, { "status": "affected", "version": "17.8.1" }, { "status": "affected", "version": "17.8.1a" }, { "status": "affected", "version": "17.9.1" }, { "status": "affected", "version": "17.9.2" }, { "status": "affected", "version": "17.9.1a" }, { "status": "affected", "version": "17.9.3" }, { "status": "affected", "version": "17.9.2a" }, { "status": "affected", "version": "17.9.3a" }, { "status": "affected", "version": "17.9.4" }, { "status": "affected", "version": "17.9.4a" }, { "status": "affected", "version": "17.11.1" }, { "status": "affected", "version": "17.11.1a" }, { "status": "affected", "version": "17.12.1" }, { "status": "affected", "version": "17.12.1a" }, { "status": "affected", "version": "17.12.2" }, { "status": "affected", "version": "17.12.2a" }, { "status": "affected", "version": "17.11.99SW" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-20316", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-29T17:11:12.713334Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-02T16:25:58.752Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:59:42.197Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-dmi-acl-bypass-Xv8FO8Vz", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dmi-acl-bypass-Xv8FO8Vz" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco IOS XE Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "16.3.1" }, { "status": "affected", "version": "16.3.2" }, { "status": "affected", "version": "16.3.3" }, { "status": "affected", "version": "16.3.1a" }, { "status": "affected", "version": "16.3.4" }, { "status": "affected", "version": "16.3.5" }, { "status": "affected", "version": "16.3.5b" }, { "status": "affected", "version": "16.3.6" }, { "status": "affected", "version": "16.3.7" }, { "status": "affected", "version": "16.3.8" }, { "status": "affected", "version": "16.3.9" }, { "status": "affected", "version": "16.3.10" }, { "status": "affected", "version": "16.3.11" }, { "status": "affected", "version": "16.4.1" }, { "status": "affected", "version": "16.4.2" }, { "status": "affected", "version": "16.4.3" }, { "status": "affected", "version": "16.5.1" }, { "status": "affected", "version": "16.5.1a" }, { "status": "affected", "version": "16.5.1b" }, { "status": "affected", "version": "16.5.2" }, { "status": "affected", "version": "16.5.3" }, { "status": "affected", "version": "16.6.1" }, { "status": "affected", "version": "16.6.2" }, { "status": "affected", "version": "16.6.3" }, { "status": "affected", "version": "16.6.4" }, { "status": "affected", "version": "16.6.5" }, { "status": "affected", "version": "16.6.4a" }, { "status": "affected", "version": "16.6.5a" }, { "status": "affected", "version": "16.6.6" }, { "status": "affected", "version": "16.6.7" }, { "status": "affected", "version": "16.6.8" }, { "status": "affected", "version": "16.6.9" }, { "status": "affected", "version": "16.6.10" }, { "status": "affected", "version": "16.7.1" }, { "status": "affected", "version": "16.7.2" }, { "status": "affected", "version": "16.7.3" }, { "status": "affected", "version": "16.8.1" }, { "status": "affected", "version": "16.8.1a" }, { "status": "affected", "version": "16.8.1b" }, { "status": "affected", "version": "16.8.1s" }, { "status": "affected", "version": "16.8.1c" }, { "status": "affected", "version": "16.8.2" }, { "status": "affected", "version": "16.8.3" }, { "status": "affected", "version": "16.9.1" }, { "status": "affected", "version": "16.9.2" }, { "status": "affected", "version": "16.9.1a" }, { "status": "affected", "version": "16.9.1b" }, { "status": "affected", "version": "16.9.1s" }, { "status": "affected", "version": "16.9.3" }, { "status": "affected", "version": "16.9.4" }, { "status": "affected", "version": "16.9.3a" }, { "status": "affected", "version": "16.9.5" }, { "status": "affected", "version": "16.9.5f" }, { "status": "affected", "version": "16.9.6" }, { "status": "affected", "version": "16.9.7" }, { "status": "affected", "version": "16.9.8" }, { "status": "affected", "version": "16.10.1" }, { "status": "affected", "version": "16.10.1a" }, { "status": "affected", "version": "16.10.1b" }, { "status": "affected", "version": "16.10.1s" }, { "status": "affected", "version": "16.10.1e" }, { "status": "affected", "version": "16.10.2" }, { "status": "affected", "version": "16.10.3" }, { "status": "affected", "version": "16.11.1" }, { "status": "affected", "version": "16.11.1a" }, { "status": "affected", "version": "16.11.1b" }, { "status": "affected", "version": "16.11.2" }, { "status": "affected", "version": "16.11.1s" }, { "status": "affected", "version": "16.12.1" }, { "status": "affected", "version": "16.12.1s" }, { "status": "affected", "version": "16.12.1a" }, { "status": "affected", "version": "16.12.1c" }, { "status": "affected", "version": "16.12.2" }, { "status": "affected", "version": "16.12.2a" }, { "status": "affected", "version": "16.12.3" }, { "status": "affected", "version": "16.12.8" }, { "status": "affected", "version": "16.12.2s" }, { "status": "affected", "version": "16.12.1t" }, { "status": "affected", "version": "16.12.4" }, { "status": "affected", "version": "16.12.3s" }, { "status": "affected", "version": "16.12.3a" }, { "status": "affected", "version": "16.12.4a" }, { "status": "affected", "version": "16.12.5" }, { "status": "affected", "version": "16.12.6" }, { "status": "affected", "version": "16.12.5a" }, { "status": "affected", "version": "16.12.5b" }, { "status": "affected", "version": "16.12.6a" }, { "status": "affected", "version": "16.12.7" }, { "status": "affected", "version": "16.12.9" }, { "status": "affected", "version": "16.12.10" }, { "status": "affected", "version": "16.12.10a" }, { "status": "affected", "version": "16.12.11" }, { "status": "affected", "version": "17.1.1" }, { "status": "affected", "version": "17.1.1a" }, { "status": "affected", "version": "17.1.1s" }, { "status": "affected", "version": "17.1.1t" }, { "status": "affected", "version": "17.1.3" }, { "status": "affected", "version": "17.2.1" }, { "status": "affected", "version": "17.2.1r" }, { "status": "affected", "version": "17.2.1a" }, { "status": "affected", "version": "17.2.1v" }, { "status": "affected", "version": "17.2.2" }, { "status": "affected", "version": "17.2.3" }, { "status": "affected", "version": "17.3.1" }, { "status": "affected", "version": "17.3.2" }, { "status": "affected", "version": "17.3.3" }, { "status": "affected", "version": "17.3.1a" }, { "status": "affected", "version": "17.3.2a" }, { "status": "affected", "version": "17.3.4" }, { "status": "affected", "version": "17.3.5" }, { "status": "affected", "version": "17.3.4a" }, { "status": "affected", "version": "17.3.6" }, { "status": "affected", "version": "17.3.4b" }, { "status": "affected", "version": "17.3.4c" }, { "status": "affected", "version": "17.3.5a" }, { "status": "affected", "version": "17.3.5b" }, { "status": "affected", "version": "17.3.7" }, { "status": "affected", "version": "17.3.8" }, { "status": "affected", "version": "17.3.8a" }, { "status": "affected", "version": "17.4.1" }, { "status": "affected", "version": "17.4.2" }, { "status": "affected", "version": "17.4.1a" }, { "status": "affected", "version": "17.4.1b" }, { "status": "affected", "version": "17.4.2a" }, { "status": "affected", "version": "17.5.1" }, { "status": "affected", "version": "17.5.1a" }, { "status": "affected", "version": "17.6.1" }, { "status": "affected", "version": "17.6.2" }, { "status": "affected", "version": "17.6.1a" }, { "status": "affected", "version": "17.6.3" }, { "status": "affected", "version": "17.6.3a" }, { "status": "affected", "version": "17.6.4" }, { "status": "affected", "version": "17.6.5" }, { "status": "affected", "version": "17.6.6" }, { "status": "affected", "version": "17.6.6a" }, { "status": "affected", "version": "17.6.5a" }, { "status": "affected", "version": "17.7.1" }, { "status": "affected", "version": "17.7.1a" }, { "status": "affected", "version": "17.7.1b" }, { "status": "affected", "version": "17.7.2" }, { "status": "affected", "version": "17.10.1" }, { "status": "affected", "version": "17.10.1a" }, { "status": "affected", "version": "17.10.1b" }, { "status": "affected", "version": "17.8.1" }, { "status": "affected", "version": "17.8.1a" }, { "status": "affected", "version": "17.9.1" }, { "status": "affected", "version": "17.9.2" }, { "status": "affected", "version": "17.9.1a" }, { "status": "affected", "version": "17.9.3" }, { "status": "affected", "version": "17.9.2a" }, { "status": "affected", "version": "17.9.3a" }, { "status": "affected", "version": "17.9.4" }, { "status": "affected", "version": "17.9.4a" }, { "status": "affected", "version": "17.11.1" }, { "status": "affected", "version": "17.11.1a" }, { "status": "affected", "version": "17.12.1" }, { "status": "affected", "version": "17.12.1a" }, { "status": "affected", "version": "17.12.2" }, { "status": "affected", "version": "17.12.2a" }, { "status": "affected", "version": "17.11.99SW" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list (ACL).\r\n\r This vulnerability is due to improper handling of error conditions when a successfully authorized device administrator updates an IPv4 ACL using the NETCONF or RESTCONF protocol, and the update would reorder access control entries (ACEs) in the updated ACL. An attacker could exploit this vulnerability by accessing resources that should have been protected across an affected device." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-390", "description": "Detection of Error Condition Without Action", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-27T16:49:03.113Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-dmi-acl-bypass-Xv8FO8Vz", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dmi-acl-bypass-Xv8FO8Vz" } ], "source": { "advisory": "cisco-sa-dmi-acl-bypass-Xv8FO8Vz", "defects": [ "CSCwf92391", "CSCwe12169" ], "discovery": "EXTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20316", "datePublished": "2024-03-27T16:49:03.113Z", "dateReserved": "2023-11-08T15:08:07.632Z", "dateUpdated": "2024-08-01T21:59:42.197Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-27919 (GCVE-0-2024-27919)
Vulnerability from cvelistv5
Published
2024-04-04 14:30
Modified
2025-02-13 17:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-390 - Detection of Error Condition Without Action
Summary
Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy's HTTP/2 codec does not reset a request when header map limits have been exceeded. This allows an attacker to send an sequence of CONTINUATION frames without the END_HEADERS bit set causing unlimited memory consumption. This can lead to denial of service through memory exhaustion. Users should upgrade to versions 1.29.2 to mitigate the effects of the CONTINUATION flood. Note that this vulnerability is a regression in Envoy version 1.29.0 and 1.29.1 only. As a workaround, downgrade to version 1.28.1 or earlier or disable HTTP/2 protocol for downstream connections.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
envoyproxy | envoy |
Version: >= 1.29.0, < 1.29.2 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:envoyproxy:envoy:1.29.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "envoy", "vendor": "envoyproxy", "versions": [ { "lessThan": "1.29.2", "status": "affected", "version": "1.29.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-27919", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-16T00:03:09.545061Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-16T00:04:41.158Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:41:55.832Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gghf-vfxp-799r", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gghf-vfxp-799r" }, { "name": "https://github.com/envoyproxy/envoy/commit/57a02565532c18eb9df972a3e8974be3ae59f2d5", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/envoyproxy/envoy/commit/57a02565532c18eb9df972a3e8974be3ae59f2d5" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/05/3" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/03/16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "envoy", "vendor": "envoyproxy", "versions": [ { "status": "affected", "version": "\u003e= 1.29.0, \u003c 1.29.2" } ] } ], "descriptions": [ { "lang": "en", "value": "Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy\u0027s HTTP/2 codec does not reset a request when header map limits have been exceeded. This allows an attacker to send an sequence of CONTINUATION frames without the END_HEADERS bit set causing unlimited memory consumption. This can lead to denial of service through memory exhaustion. Users should upgrade to versions 1.29.2 to mitigate the effects of the CONTINUATION flood. Note that this vulnerability is a regression in Envoy version 1.29.0 and 1.29.1 only. As a workaround, downgrade to version 1.28.1 or earlier or disable HTTP/2 protocol for downstream connections." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-390", "description": "CWE-390: Detection of Error Condition Without Action", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-01T18:07:45.997Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gghf-vfxp-799r", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gghf-vfxp-799r" }, { "name": "https://github.com/envoyproxy/envoy/commit/57a02565532c18eb9df972a3e8974be3ae59f2d5", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/envoyproxy/envoy/commit/57a02565532c18eb9df972a3e8974be3ae59f2d5" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/05/3" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/03/16" } ], "source": { "advisory": "GHSA-gghf-vfxp-799r", "discovery": "UNKNOWN" }, "title": "HTTP/2: memory exhaustion due to CONTINUATION frame flood" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-27919", "datePublished": "2024-04-04T14:30:11.144Z", "dateReserved": "2024-02-28T15:14:14.214Z", "dateUpdated": "2025-02-13T17:47:14.133Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-30255 (GCVE-0-2024-30255)
Vulnerability from cvelistv5
Published
2024-04-04 19:41
Modified
2025-02-13 17:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-390 - Detection of Error Condition Without Action
Summary
Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited number of CONTINUATION frames even after exceeding Envoy's header map limits. This allows an attacker to send a sequence of CONTINUATION frames without the END_HEADERS bit set causing CPU utilization, consuming approximately 1 core per 300Mbit/s of traffic and culminating in denial of service through CPU exhaustion. Users should upgrade to version 1.29.3, 1.28.2, 1.27.4, or 1.26.8 to mitigate the effects of the CONTINUATION flood. As a workaround, disable HTTP/2 protocol for downstream connections.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
envoyproxy | envoy |
Version: >= 1.29.0, < 1.29.3 Version: >= 1.28.0, < 1.28.2 Version: >= 1.27.0, < 1.27.4 Version: < 1.26.8 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "envoy", "vendor": "envoyproxy", "versions": [ { "lessThan": "1.29.3", "status": "affected", "version": "1.29.0", "versionType": "custom" }, { "lessThan": "1.28.2", "status": "affected", "version": "1.28.0", "versionType": "custom" }, { "lessThan": "1.27.4", "status": "affected", "version": "1.27.0", "versionType": "custom" }, { "lessThan": "1.26.8", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-30255", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-08T14:58:49.679014Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-16T13:47:51.426Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:32:05.423Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/05/3" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/03/16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "envoy", "vendor": "envoyproxy", "versions": [ { "status": "affected", "version": "\u003e= 1.29.0, \u003c 1.29.3" }, { "status": "affected", "version": "\u003e= 1.28.0, \u003c 1.28.2" }, { "status": "affected", "version": "\u003e= 1.27.0, \u003c 1.27.4" }, { "status": "affected", "version": "\u003c 1.26.8" } ] } ], "descriptions": [ { "lang": "en", "value": "Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy\u0027s HTTP/2 codec allows the client to send an unlimited number of CONTINUATION frames even after exceeding Envoy\u0027s header map limits. This allows an attacker to send a sequence of CONTINUATION frames without the END_HEADERS bit set causing CPU utilization, consuming approximately 1 core per 300Mbit/s of traffic and culminating in denial of service through CPU exhaustion. Users should upgrade to version 1.29.3, 1.28.2, 1.27.4, or 1.26.8 to mitigate the effects of the CONTINUATION flood. As a workaround, disable HTTP/2 protocol for downstream connections." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-390", "description": "CWE-390: Detection of Error Condition Without Action", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-01T18:07:47.558Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/05/3" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/03/16" } ], "source": { "advisory": "GHSA-j654-3ccm-vfmm", "discovery": "UNKNOWN" }, "title": "HTTP/2: CPU exhaustion due to CONTINUATION frame flood" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-30255", "datePublished": "2024-04-04T19:41:02.634Z", "dateReserved": "2024-03-26T12:52:00.934Z", "dateUpdated": "2025-02-13T17:47:46.980Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-49841 (GCVE-0-2024-49841)
Vulnerability from cvelistv5
Published
2025-05-06 08:32
Modified
2025-05-07 18:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-390 - Detection of Error Condition Without Action
Summary
Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Qualcomm, Inc. | Snapdragon |
Version: AQT1000 Version: AR8035 Version: FastConnect 6200 Version: FastConnect 6700 Version: FastConnect 6800 Version: FastConnect 6900 Version: FastConnect 7800 Version: QAM8255P Version: QAM8295P Version: QAM8620P Version: QAM8650P Version: QAM8775P Version: QAMSRV1H Version: QAMSRV1M Version: QCA6174A Version: QCA6310 Version: QCA6335 Version: QCA6391 Version: QCA6420 Version: QCA6421 Version: QCA6426 Version: QCA6430 Version: QCA6431 Version: QCA6436 Version: QCA6564A Version: QCA6564AU Version: QCA6574 Version: QCA6574A Version: QCA6574AU Version: QCA6584AU Version: QCA6595 Version: QCA6595AU Version: QCA6678AQ Version: QCA6688AQ Version: QCA6696 Version: QCA6698AQ Version: QCA6797AQ Version: QCA8081 Version: QCA8337 Version: QCA9377 Version: QCC710 Version: QCM5430 Version: QCM6490 Version: QCM8550 Version: QCN6224 Version: QCN6274 Version: QCN9274 Version: QCS5430 Version: QCS6490 Version: QCS8300 Version: QCS8550 Version: QCS9100 Version: QDU1000 Version: QDU1010 Version: QDU1110 Version: QDU1210 Version: QDX1010 Version: QDX1011 Version: QEP8111 Version: QFW7114 Version: QFW7124 Version: QMP1000 Version: QRU1032 Version: QRU1052 Version: QRU1062 Version: QSM8350 Version: Qualcomm Video Collaboration VC3 Platform Version: Robotics RB3 Platform Version: SA6145P Version: SA6155 Version: SA6155P Version: SA7255P Version: SA7775P Version: SA8150P Version: SA8155 Version: SA8155P Version: SA8255P Version: SA8295P Version: SA8540P Version: SA8620P Version: SA8650P Version: SA8770P Version: SA8775P Version: SA9000P Version: SC8380XP Version: SD 675 Version: SD 8 Gen1 5G Version: SD 8CX Version: SD670 Version: SD675 Version: SD855 Version: SD865 5G Version: SDX55 Version: SDX57M Version: SDX80M Version: SM7250P Version: SM8735 Version: SM8750 Version: SM8750P Version: Snapdragon 670 Mobile Platform Version: Snapdragon 675 Mobile Platform Version: Snapdragon 678 Mobile Platform (SM6150-AC) Version: Snapdragon 765 5G Mobile Platform (SM7250-AA) Version: Snapdragon 765G 5G Mobile Platform (SM7250-AB) Version: Snapdragon 768G 5G Mobile Platform (SM7250-AC) Version: Snapdragon 8 Gen 1 Mobile Platform Version: Snapdragon 8 Gen 3 Mobile Platform Version: Snapdragon 845 Mobile Platform Version: Snapdragon 850 Mobile Compute Platform Version: Snapdragon 855 Mobile Platform Version: Snapdragon 855+/860 Mobile Platform (SM8150-AC) Version: Snapdragon 865 5G Mobile Platform Version: Snapdragon 865+ 5G Mobile Platform (SM8250-AB) Version: Snapdragon 870 5G Mobile Platform (SM8250-AC) Version: Snapdragon 888 5G Mobile Platform Version: Snapdragon 888+ 5G Mobile Platform (SM8350-AC) Version: Snapdragon 8c Compute Platform (SC8180X-AD) "Poipu Lite" Version: Snapdragon 8c Compute Platform (SC8180XP-AD) "Poipu Lite" Version: Snapdragon 8cx Compute Platform (SC8180X-AA, AB) Version: Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) "Poipu Pro" Version: Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) "Poipu Pro" Version: Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB) Version: Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB) Version: Snapdragon AR1 Gen 1 Platform Version: Snapdragon AR1 Gen 1 Platform "Luna1" Version: Snapdragon AR2 Gen 1 Platform Version: Snapdragon Auto 5G Modem-RF Gen 2 Version: Snapdragon X24 LTE Modem Version: Snapdragon X32 5G Modem-RF System Version: Snapdragon X35 5G Modem-RF System Version: Snapdragon X50 5G Modem-RF System Version: Snapdragon X55 5G Modem-RF System Version: Snapdragon X62 5G Modem-RF System Version: Snapdragon X65 5G Modem-RF System Version: Snapdragon X72 5G Modem-RF System Version: Snapdragon X75 5G Modem-RF System Version: Snapdragon XR2 5G Platform Version: SRV1H Version: SRV1L Version: SRV1M Version: SSG2115P Version: SSG2125P Version: SXR1230P Version: SXR2130 Version: SXR2330P Version: Vision Intelligence 300 Platform Version: Vision Intelligence 400 Platform Version: WCD9326 Version: WCD9340 Version: WCD9341 Version: WCD9370 Version: WCD9375 Version: WCD9378 Version: WCD9380 Version: WCD9385 Version: WCD9390 Version: WCD9395 Version: WCN3950 Version: WCN3980 Version: WCN3990 Version: WCN7750 Version: WCN7860 Version: WCN7861 Version: WCN7880 Version: WCN7881 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8832 Version: WSA8835 Version: WSA8840 Version: WSA8845 Version: WSA8845H |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-49841", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-05-07T03:55:34.813937Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-07T18:54:32.715Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Snapdragon Auto", "Snapdragon Compute", "Snapdragon Consumer IOT", "Snapdragon Industrial IOT", "Snapdragon MDM", "Snapdragon Mobile", "Snapdragon Technology" ], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "AQT1000" }, { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "FastConnect 6200" }, { "status": "affected", "version": "FastConnect 6700" }, { "status": "affected", "version": "FastConnect 6800" }, { "status": "affected", "version": "FastConnect 6900" }, { "status": "affected", "version": "FastConnect 7800" }, { "status": "affected", "version": "QAM8255P" }, { "status": "affected", "version": "QAM8295P" }, { "status": "affected", "version": "QAM8620P" }, { "status": "affected", "version": "QAM8650P" }, { "status": "affected", "version": "QAM8775P" }, { "status": "affected", "version": "QAMSRV1H" }, { "status": "affected", "version": "QAMSRV1M" }, { "status": "affected", "version": "QCA6174A" }, { "status": "affected", "version": "QCA6310" }, { "status": "affected", "version": "QCA6335" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6420" }, { "status": "affected", "version": "QCA6421" }, { "status": "affected", "version": "QCA6426" }, { "status": "affected", "version": "QCA6430" }, { "status": "affected", "version": "QCA6431" }, { "status": "affected", "version": "QCA6436" }, { "status": "affected", "version": "QCA6564A" }, { "status": "affected", "version": "QCA6564AU" }, { "status": "affected", "version": "QCA6574" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6584AU" }, { "status": "affected", "version": "QCA6595" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA6678AQ" }, { "status": "affected", "version": "QCA6688AQ" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCA6698AQ" }, { "status": "affected", "version": "QCA6797AQ" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCA9377" }, { "status": "affected", "version": "QCC710" }, { "status": "affected", "version": "QCM5430" }, { "status": "affected", "version": "QCM6490" }, { "status": "affected", "version": "QCM8550" }, { "status": "affected", "version": "QCN6224" }, { "status": "affected", "version": "QCN6274" }, { "status": "affected", "version": "QCN9274" }, { "status": "affected", "version": "QCS5430" }, { "status": "affected", "version": "QCS6490" }, { "status": "affected", "version": "QCS8300" }, { "status": "affected", "version": "QCS8550" }, { "status": "affected", "version": "QCS9100" }, { "status": "affected", "version": "QDU1000" }, { "status": "affected", "version": "QDU1010" }, { "status": "affected", "version": "QDU1110" }, { "status": "affected", "version": "QDU1210" }, { "status": "affected", "version": "QDX1010" }, { "status": "affected", "version": "QDX1011" }, { "status": "affected", "version": "QEP8111" }, { "status": "affected", "version": "QFW7114" }, { "status": "affected", "version": "QFW7124" }, { "status": "affected", "version": "QMP1000" }, { "status": "affected", "version": "QRU1032" }, { "status": "affected", "version": "QRU1052" }, { "status": "affected", "version": "QRU1062" }, { "status": "affected", "version": "QSM8350" }, { "status": "affected", "version": "Qualcomm Video Collaboration VC3 Platform" }, { "status": "affected", "version": "Robotics RB3 Platform" }, { "status": "affected", "version": "SA6145P" }, { "status": "affected", "version": "SA6155" }, { "status": "affected", "version": "SA6155P" }, { "status": "affected", "version": "SA7255P" }, { "status": "affected", "version": "SA7775P" }, { "status": "affected", "version": "SA8150P" }, { "status": "affected", "version": "SA8155" }, { "status": "affected", "version": "SA8155P" }, { "status": "affected", "version": "SA8255P" }, { "status": "affected", "version": "SA8295P" }, { "status": "affected", "version": "SA8540P" }, { "status": "affected", "version": "SA8620P" }, { "status": "affected", "version": "SA8650P" }, { "status": "affected", "version": "SA8770P" }, { "status": "affected", "version": "SA8775P" }, { "status": "affected", "version": "SA9000P" }, { "status": "affected", "version": "SC8380XP" }, { "status": "affected", "version": "SD 675" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD 8CX" }, { "status": "affected", "version": "SD670" }, { "status": "affected", "version": "SD675" }, { "status": "affected", "version": "SD855" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "SDX57M" }, { "status": "affected", "version": "SDX80M" }, { "status": "affected", "version": "SM7250P" }, { "status": "affected", "version": "SM8735" }, { "status": "affected", "version": "SM8750" }, { "status": "affected", "version": "SM8750P" }, { "status": "affected", "version": "Snapdragon 670 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 675 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 678 Mobile Platform (SM6150-AC)" }, { "status": "affected", "version": "Snapdragon 765 5G Mobile Platform (SM7250-AA)" }, { "status": "affected", "version": "Snapdragon 765G 5G Mobile Platform (SM7250-AB)" }, { "status": "affected", "version": "Snapdragon 768G 5G Mobile Platform (SM7250-AC)" }, { "status": "affected", "version": "Snapdragon 8 Gen 1 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 8 Gen 3 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 845 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 850 Mobile Compute Platform" }, { "status": "affected", "version": "Snapdragon 855 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 855+/860 Mobile Platform (SM8150-AC)" }, { "status": "affected", "version": "Snapdragon 865 5G Mobile Platform" }, { "status": "affected", "version": "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)" }, { "status": "affected", "version": "Snapdragon 870 5G Mobile Platform (SM8250-AC)" }, { "status": "affected", "version": "Snapdragon 888 5G Mobile Platform" }, { "status": "affected", "version": "Snapdragon 888+ 5G Mobile Platform (SM8350-AC)" }, { "status": "affected", "version": "Snapdragon 8c Compute Platform (SC8180X-AD) \"Poipu Lite\"" }, { "status": "affected", "version": "Snapdragon 8c Compute Platform (SC8180XP-AD) \"Poipu Lite\"" }, { "status": "affected", "version": "Snapdragon 8cx Compute Platform (SC8180X-AA, AB)" }, { "status": "affected", "version": "Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) \"Poipu Pro\"" }, { "status": "affected", "version": "Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) \"Poipu Pro\"" }, { "status": "affected", "version": "Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB)" }, { "status": "affected", "version": "Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB)" }, { "status": "affected", "version": "Snapdragon AR1 Gen 1 Platform" }, { "status": "affected", "version": "Snapdragon AR1 Gen 1 Platform \"Luna1\"" }, { "status": "affected", "version": "Snapdragon AR2 Gen 1 Platform" }, { "status": "affected", "version": "Snapdragon Auto 5G Modem-RF Gen 2" }, { "status": "affected", "version": "Snapdragon X24 LTE Modem" }, { "status": "affected", "version": "Snapdragon X32 5G Modem-RF System" }, { "status": "affected", "version": "Snapdragon X35 5G Modem-RF System" }, { "status": "affected", "version": "Snapdragon X50 5G Modem-RF System" }, { "status": "affected", "version": "Snapdragon X55 5G Modem-RF System" }, { "status": "affected", "version": "Snapdragon X62 5G Modem-RF System" }, { "status": "affected", "version": "Snapdragon X65 5G Modem-RF System" }, { "status": "affected", "version": "Snapdragon X72 5G Modem-RF System" }, { "status": "affected", "version": "Snapdragon X75 5G Modem-RF System" }, { "status": "affected", "version": "Snapdragon XR2 5G Platform" }, { "status": "affected", "version": "SRV1H" }, { "status": "affected", "version": "SRV1L" }, { "status": "affected", "version": "SRV1M" }, { "status": "affected", "version": "SSG2115P" }, { "status": "affected", "version": "SSG2125P" }, { "status": "affected", "version": "SXR1230P" }, { "status": "affected", "version": "SXR2130" }, { "status": "affected", "version": "SXR2330P" }, { "status": "affected", "version": "Vision Intelligence 300 Platform" }, { "status": "affected", "version": "Vision Intelligence 400 Platform" }, { "status": "affected", "version": "WCD9326" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9378" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCD9390" }, { "status": "affected", "version": "WCD9395" }, { "status": "affected", "version": "WCN3950" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN3990" }, { "status": "affected", "version": "WCN7750" }, { "status": "affected", "version": "WCN7860" }, { "status": "affected", "version": "WCN7861" }, { "status": "affected", "version": "WCN7880" }, { "status": "affected", "version": "WCN7881" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8832" }, { "status": "affected", "version": "WSA8835" }, { "status": "affected", "version": "WSA8840" }, { "status": "affected", "version": "WSA8845" }, { "status": "affected", "version": "WSA8845H" } ] } ], "descriptions": [ { "lang": "en", "value": "Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-390", "description": "CWE-390 Detection of Error Condition Without Action", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-06T08:32:18.628Z", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2025-bulletin.html" } ], "title": "Detection of Error Condition Without Action in Hypervisor" } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2024-49841", "datePublished": "2025-05-06T08:32:18.628Z", "dateReserved": "2024-10-20T17:18:43.216Z", "dateUpdated": "2025-05-07T18:54:32.715Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-25204 (GCVE-0-2025-25204)
Vulnerability from cvelistv5
Published
2025-02-14 16:38
Modified
2025-03-03 19:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-390 - Detection of Error Condition Without Action
Summary
`gh` is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool `gh attestation verify` causes it to return a zero exit status when no attestations are present. This behavior is incorrect: When no attestations are present, `gh attestation verify` should return a non-zero exit status code, thereby signaling verification failure. An attacker can abuse this flaw to, for example, deploy malicious artifacts in any system that uses `gh attestation verify`'s exit codes to gatekeep deployments. Users are advised to update `gh` to patched version `v2.67.0` as soon as possible.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-25204", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-19T15:29:05.799010Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-03T19:13:28.888Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "cli", "vendor": "cli", "versions": [ { "status": "affected", "version": "\u003e= 2.49.0, \u003c 2.67.0" } ] } ], "descriptions": [ { "lang": "en", "value": "`gh` is GitHub\u2019s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub\u0027s Artifact Attestation cli tool `gh attestation verify` causes it to return a zero exit status when no attestations are present. This behavior is incorrect: When no attestations are present, `gh attestation verify` should return a non-zero exit status code, thereby signaling verification failure. An attacker can abuse this flaw to, for example, deploy malicious artifacts in any system that uses `gh attestation verify`\u0027s exit codes to gatekeep deployments. Users are advised to update `gh` to patched version `v2.67.0` as soon as possible." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-390", "description": "CWE-390: Detection of Error Condition Without Action", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-14T16:38:29.038Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/cli/cli/security/advisories/GHSA-fgw4-v983-mgp8", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/cli/cli/security/advisories/GHSA-fgw4-v983-mgp8" }, { "name": "https://github.com/cli/cli/issues/10418", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/cli/cli/issues/10418" }, { "name": "https://github.com/cli/cli/pull/10421", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/cli/cli/pull/10421" } ], "source": { "advisory": "GHSA-fgw4-v983-mgp8", "discovery": "UNKNOWN" }, "title": "`gh attestation verify` returns incorrect exit code during verification if no attestations are present" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2025-25204", "datePublished": "2025-02-14T16:38:29.038Z", "dateReserved": "2025-02-03T19:30:53.401Z", "dateUpdated": "2025-03-03T19:13:28.888Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Mitigation
Phase: Implementation
Description:
- Properly handle each exception. This is the recommended solution. Ensure that all exceptions are handled in such a way that you can be sure of the state of your system at any given moment.
Mitigation
Phase: Implementation
Description:
- If a function returns an error, it is important to either fix the problem and try again, alert the user that an error has happened and let the program continue, or alert the user and close and cleanup the program.
Mitigation
Phase: Testing
Description:
- Subject the product to extensive testing to discover some of the possible instances of where/how errors or return values are not handled. Consider testing techniques such as ad hoc, equivalence partitioning, robustness and fault tolerance, mutation, and fuzzing.
No CAPEC attack patterns related to this CWE.