CWE-392
Missing Report of Error Condition
The product encounters an error but does not provide a status code or return value to indicate that an error has occurred.
CVE-2017-2342 (GCVE-0-2017-2342)
Vulnerability from cvelistv5
Published
2017-07-14 14:00
Modified
2024-09-16 16:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-392 - Missing Report of Error Condition
Summary
MACsec feature on Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series does not report errors when a secure link can not be established. It falls back to an unencrypted link. This can happen when MACsec is configured on ports that are not capable of MACsec or when a secure link can not be established. This can mislead customers into believing that a link is secure. On SRX 300 series devices, prior to 15.1X49-D100, MACsec was only supported on control and fabric ports of SRX340 and SRX345 devices. SRX300 and and SRX320 did not have any MACsec capable ports. Configuring MACsec on ports that were not MACsec capable would have resulted in this issue. Affected releases are Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Juniper Networks | Junos OS |
Version: 15.1X49 prior to 15.1X49-D100 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:48:05.262Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.juniper.net/JSA10790" }, { "name": "1038890", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038890" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "SRX300 series" ], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "status": "affected", "version": "15.1X49 prior to 15.1X49-D100" } ] } ], "credits": [ { "lang": "en", "value": "Eric Haszlakiewicz and Thor Simon of Two Sigma Investments, LP" } ], "datePublic": "2017-07-12T00:00:00", "descriptions": [ { "lang": "en", "value": "MACsec feature on Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series does not report errors when a secure link can not be established. It falls back to an unencrypted link. This can happen when MACsec is configured on ports that are not capable of MACsec or when a secure link can not be established. This can mislead customers into believing that a link is secure. On SRX 300 series devices, prior to 15.1X49-D100, MACsec was only supported on control and fabric ports of SRX340 and SRX345 devices. SRX300 and and SRX320 did not have any MACsec capable ports. Configuring MACsec on ports that were not MACsec capable would have resulted in this issue. Affected releases are Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-392", "description": "CWE-392: Missing Report of Error Condition", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-15T09:57:01", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.juniper.net/JSA10790" }, { "name": "1038890", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038890" } ], "title": "SRX Series: MACsec failure to report errors", "workarounds": [ { "lang": "en", "value": "There are no viable workarounds for this issue.\nIt is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device from trusted, administrative networks or hosts." } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2017-07-12T09:00", "ID": "CVE-2017-2342", "STATE": "PUBLIC", "TITLE": "SRX Series: MACsec failure to report errors" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Junos OS", "version": { "version_data": [ { "platform": "SRX300 series", "version_value": "15.1X49 prior to 15.1X49-D100" } ] } } ] }, "vendor_name": "Juniper Networks" } ] } }, "configuration": [], "credit": [ "Eric Haszlakiewicz and Thor Simon of Two Sigma Investments, LP" ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "MACsec feature on Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series does not report errors when a secure link can not be established. It falls back to an unencrypted link. This can happen when MACsec is configured on ports that are not capable of MACsec or when a secure link can not be established. This can mislead customers into believing that a link is secure. On SRX 300 series devices, prior to 15.1X49-D100, MACsec was only supported on control and fabric ports of SRX340 and SRX345 devices. SRX300 and and SRX320 did not have any MACsec capable ports. Configuring MACsec on ports that were not MACsec capable would have resulted in this issue. Affected releases are Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series." } ] }, "exploit": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-392: Missing Report of Error Condition" } ] } ] }, "references": { "reference_data": [ { "name": "https://kb.juniper.net/JSA10790", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA10790" }, { "name": "1038890", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038890" } ] }, "solution": "The following software releases have been updated to resolve this specific issue:15.1X49-D100 and all subsequent releases.\n\nThis issue is being tracked as PR 1244795 and 1261983 and are visible on the Customer Support website.", "work_around": [ { "lang": "en", "value": "There are no viable workarounds for this issue.\nIt is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device from trusted, administrative networks or hosts." } ] } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2017-2342", "datePublished": "2017-07-14T14:00:00Z", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-09-16T16:27:33.007Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-42444 (GCVE-0-2023-42444)
Vulnerability from cvelistv5
Published
2023-09-19 14:47
Modified
2024-09-24 20:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
phonenumber is a library for parsing, formatting and validating international phone numbers. Prior to versions `0.3.3+8.13.9` and `0.2.5+8.11.3`, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of `rust-phonenumber`, this may get triggered by feeding a maliciously crafted phonenumber over the network, specifically the string `.;phone-context=`. Versions `0.3.3+8.13.9` and `0.2.5+8.11.3` contain a patch for this issue. There are no known workarounds.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
whisperfish | rust-phonenumber |
Version: < 0.2.5+8.11.3 Version: >= 0.3.0, < 0.3.3+8.3.19 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:23:38.765Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/whisperfish/rust-phonenumber/security/advisories/GHSA-whhr-7f2w-qqj2", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/whisperfish/rust-phonenumber/security/advisories/GHSA-whhr-7f2w-qqj2" }, { "name": "https://github.com/whisperfish/rust-phonenumber/commit/2dd44be94539c051b4dee55d1d9d349bd7bedde6", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/whisperfish/rust-phonenumber/commit/2dd44be94539c051b4dee55d1d9d349bd7bedde6" }, { "name": "https://github.com/whisperfish/rust-phonenumber/commit/bea8e732b9cada617ede5cf51663dba183747f71", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/whisperfish/rust-phonenumber/commit/bea8e732b9cada617ede5cf51663dba183747f71" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-42444", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-24T20:46:29.902328Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-24T20:46:54.422Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "rust-phonenumber", "vendor": "whisperfish", "versions": [ { "status": "affected", "version": "\u003c 0.2.5+8.11.3" }, { "status": "affected", "version": "\u003e= 0.3.0, \u003c 0.3.3+8.3.19" } ] } ], "descriptions": [ { "lang": "en", "value": "phonenumber is a library for parsing, formatting and validating international phone numbers. Prior to versions `0.3.3+8.13.9` and `0.2.5+8.11.3`, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of `rust-phonenumber`, this may get triggered by feeding a maliciously crafted phonenumber over the network, specifically the string `.;phone-context=`. Versions `0.3.3+8.13.9` and `0.2.5+8.11.3` contain a patch for this issue. There are no known workarounds." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-248", "description": "CWE-248: Uncaught Exception", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-392", "description": "CWE-392: Missing Report of Error Condition", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-1284", "description": "CWE-1284: Improper Validation of Specified Quantity in Input", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-19T14:47:22.026Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/whisperfish/rust-phonenumber/security/advisories/GHSA-whhr-7f2w-qqj2", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/whisperfish/rust-phonenumber/security/advisories/GHSA-whhr-7f2w-qqj2" }, { "name": "https://github.com/whisperfish/rust-phonenumber/commit/2dd44be94539c051b4dee55d1d9d349bd7bedde6", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/whisperfish/rust-phonenumber/commit/2dd44be94539c051b4dee55d1d9d349bd7bedde6" }, { "name": "https://github.com/whisperfish/rust-phonenumber/commit/bea8e732b9cada617ede5cf51663dba183747f71", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/whisperfish/rust-phonenumber/commit/bea8e732b9cada617ede5cf51663dba183747f71" } ], "source": { "advisory": "GHSA-whhr-7f2w-qqj2", "discovery": "UNKNOWN" }, "title": "phonenumber panics on parsing crafted RF3966 inputs" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-42444", "datePublished": "2023-09-19T14:47:22.026Z", "dateReserved": "2023-09-08T20:57:45.572Z", "dateUpdated": "2024-09-24T20:46:54.422Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-42447 (GCVE-0-2023-42447)
Vulnerability from cvelistv5
Published
2023-09-19 14:57
Modified
2024-09-24 18:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient of colors representing the original image. In version 0.1.1, the blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on untrusted input. In a typical deployment, this may get triggered by feeding a maliciously crafted blurhashes over the network. These may include UTF-8 compliant strings containing multi-byte UTF-8 characters. A patch is available in version 0.2.0, which requires user intervention because of slight API churn. No known workarounds are available.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
whisperfish | blurhash-rs |
Version: = 0.1.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:23:38.776Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/whisperfish/blurhash-rs/security/advisories/GHSA-cxvp-82cq-57h2", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/whisperfish/blurhash-rs/security/advisories/GHSA-cxvp-82cq-57h2" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-42447", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-24T18:48:49.696757Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-24T18:56:15.507Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "blurhash-rs", "vendor": "whisperfish", "versions": [ { "status": "affected", "version": "= 0.1.1" } ] } ], "descriptions": [ { "lang": "en", "value": "blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient of colors representing the original image. In version 0.1.1, the blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on untrusted input. In a typical deployment, this may get triggered by feeding a maliciously crafted blurhashes over the network. These may include UTF-8 compliant strings containing multi-byte UTF-8 characters. A patch is available in version 0.2.0, which requires user intervention because of slight API churn. No known workarounds are available." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-248", "description": "CWE-248: Uncaught Exception", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-392", "description": "CWE-392: Missing Report of Error Condition", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-1284", "description": "CWE-1284: Improper Validation of Specified Quantity in Input", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-19T14:57:16.784Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/whisperfish/blurhash-rs/security/advisories/GHSA-cxvp-82cq-57h2", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/whisperfish/blurhash-rs/security/advisories/GHSA-cxvp-82cq-57h2" } ], "source": { "advisory": "GHSA-cxvp-82cq-57h2", "discovery": "UNKNOWN" }, "title": "blurhash panics on parsing crafted inputs" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-42447", "datePublished": "2023-09-19T14:57:16.784Z", "dateReserved": "2023-09-08T20:57:45.573Z", "dateUpdated": "2024-09-24T18:56:15.507Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-48430 (GCVE-0-2023-48430)
Vulnerability from cvelistv5
Published
2023-12-12 11:27
Modified
2024-08-02 21:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-392 - Missing Report of Error Condition
Summary
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically restart.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:30:35.228Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SINEC INS", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V1.0 SP2 Update 2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SINEC INS (All versions \u003c V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically restart." } ], "metrics": [ { "cvssV3_1": { "baseScore": 2.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-392", "description": "CWE-392: Missing Report of Error Condition", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-12T11:27:22.091Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-48430", "datePublished": "2023-12-12T11:27:22.091Z", "dateReserved": "2023-11-16T16:30:40.849Z", "dateUpdated": "2024-08-02T21:30:35.228Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-12797 (GCVE-0-2024-12797)
Vulnerability from cvelistv5
Published
2025-02-11 15:59
Modified
2025-02-18 14:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-392 - Missing Report of Error Condition
Summary
Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a
server may fail to notice that the server was not authenticated, because
handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode
is set.
Impact summary: TLS and DTLS connections using raw public keys may be
vulnerable to man-in-middle attacks when server authentication failure is not
detected by clients.
RPKs are disabled by default in both TLS clients and TLS servers. The issue
only arises when TLS clients explicitly enable RPK use by the server, and the
server, likewise, enables sending of an RPK instead of an X.509 certificate
chain. The affected clients are those that then rely on the handshake to
fail when the server's RPK fails to match one of the expected public keys,
by setting the verification mode to SSL_VERIFY_PEER.
Clients that enable server-side raw public keys can still find out that raw
public key verification failed by calling SSL_get_verify_result(), and those
that do, and take appropriate action, are not affected. This issue was
introduced in the initial implementation of RPK support in OpenSSL 3.2.
The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
References
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2025-02-15T00:10:32.191Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2025/02/11/3" }, { "url": "http://www.openwall.com/lists/oss-security/2025/02/11/4" }, { "url": "https://security.netapp.com/advisory/ntap-20250214-0001/" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-12797", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-14T20:24:14.595864Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-18T14:01:55.140Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.4.1", "status": "affected", "version": "3.4.0", "versionType": "semver" }, { "lessThan": "3.3.3", "status": "affected", "version": "3.3.0", "versionType": "semver" }, { "lessThan": "3.2.4", "status": "affected", "version": "3.2.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Apple Inc." }, { "lang": "en", "type": "remediation developer", "value": "Viktor Dukhovni" } ], "datePublic": "2025-02-11T14:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a\u003cbr\u003eserver may fail to notice that the server was not authenticated, because\u003cbr\u003ehandshakes don\u0027t abort as expected when the SSL_VERIFY_PEER verification mode\u003cbr\u003eis set.\u003cbr\u003e\u003cbr\u003eImpact summary: TLS and DTLS connections using raw public keys may be\u003cbr\u003evulnerable to man-in-middle attacks when server authentication failure is not\u003cbr\u003edetected by clients.\u003cbr\u003e\u003cbr\u003eRPKs are disabled by default in both TLS clients and TLS servers. The issue\u003cbr\u003eonly arises when TLS clients explicitly enable RPK use by the server, and the\u003cbr\u003eserver, likewise, enables sending of an RPK instead of an X.509 certificate\u003cbr\u003echain. The affected clients are those that then rely on the handshake to\u003cbr\u003efail when the server\u0027s RPK fails to match one of the expected public keys,\u003cbr\u003eby setting the verification mode to SSL_VERIFY_PEER.\u003cbr\u003e\u003cbr\u003eClients that enable server-side raw public keys can still find out that raw\u003cbr\u003epublic key verification failed by calling SSL_get_verify_result(), and those\u003cbr\u003ethat do, and take appropriate action, are not affected. This issue was\u003cbr\u003eintroduced in the initial implementation of RPK support in OpenSSL 3.2.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue." } ], "value": "Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a\nserver may fail to notice that the server was not authenticated, because\nhandshakes don\u0027t abort as expected when the SSL_VERIFY_PEER verification mode\nis set.\n\nImpact summary: TLS and DTLS connections using raw public keys may be\nvulnerable to man-in-middle attacks when server authentication failure is not\ndetected by clients.\n\nRPKs are disabled by default in both TLS clients and TLS servers. The issue\nonly arises when TLS clients explicitly enable RPK use by the server, and the\nserver, likewise, enables sending of an RPK instead of an X.509 certificate\nchain. The affected clients are those that then rely on the handshake to\nfail when the server\u0027s RPK fails to match one of the expected public keys,\nby setting the verification mode to SSL_VERIFY_PEER.\n\nClients that enable server-side raw public keys can still find out that raw\npublic key verification failed by calling SSL_get_verify_result(), and those\nthat do, and take appropriate action, are not affected. This issue was\nintroduced in the initial implementation of RPK support in OpenSSL 3.2.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue." } ], "metrics": [ { "format": "other", "other": { "content": { "text": "High" }, "type": "https://openssl-library.org/policies/general/security-policy/" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-392", "description": "CWE-392 Missing Report of Error Condition", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-11T15:59:36.719Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://openssl-library.org/news/secadv/20250211.txt" }, { "name": "3.4.1 git commit", "tags": [ "patch" ], "url": "https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9" }, { "name": "3.3.3 git commit", "tags": [ "patch" ], "url": "https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699" }, { "name": "3.2.4 git commit", "tags": [ "patch" ], "url": "https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7" } ], "source": { "discovery": "UNKNOWN" }, "title": "RFC7250 handshakes with unauthenticated servers don\u0027t abort as expected", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2024-12797", "datePublished": "2025-02-11T15:59:36.719Z", "dateReserved": "2024-12-19T13:54:37.212Z", "dateUpdated": "2025-02-18T14:01:55.140Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-39697 (GCVE-0-2024-39697)
Vulnerability from cvelistv5
Published
2024-07-09 14:16
Modified
2024-08-02 04:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
phonenumber is a library for parsing, formatting and validating international phone numbers. Since 0.3.4, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber, e.g. over the network, specifically strings of the form `+dwPAA;phone-context=AA`, where the "number" part potentially parses as a number larger than 2^56. This vulnerability is fixed in 0.3.6.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
whisperfish | rust-phonenumber |
Version: >= 0.3.4, < 0.3.6 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:whisperfish:phonenumber:*:*:*:*:*:rust:*:*" ], "defaultStatus": "unknown", "product": "phonenumber", "vendor": "whisperfish", "versions": [ { "lessThan": "0.3.6", "status": "affected", "version": "0.3.4", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-39697", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-15T21:32:25.872927Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-15T21:33:39.716Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:26:16.016Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/whisperfish/rust-phonenumber/security/advisories/GHSA-mjw4-jj88-v687", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/whisperfish/rust-phonenumber/security/advisories/GHSA-mjw4-jj88-v687" }, { "name": "https://github.com/whisperfish/rust-phonenumber/issues/69", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/whisperfish/rust-phonenumber/issues/69" }, { "name": "https://github.com/whisperfish/rust-phonenumber/pull/52", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/whisperfish/rust-phonenumber/pull/52" }, { "name": "https://github.com/whisperfish/rust-phonenumber/commit/b792151b17fc90231c232a23935830c2266f3203", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/whisperfish/rust-phonenumber/commit/b792151b17fc90231c232a23935830c2266f3203" }, { "name": "https://github.com/whisperfish/rust-phonenumber/commit/f69abee1481fac0d6d531407bae90020e39c6407", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/whisperfish/rust-phonenumber/commit/f69abee1481fac0d6d531407bae90020e39c6407" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "rust-phonenumber", "vendor": "whisperfish", "versions": [ { "status": "affected", "version": "\u003e= 0.3.4, \u003c 0.3.6" } ] } ], "descriptions": [ { "lang": "en", "value": "phonenumber is a library for parsing, formatting and validating international phone numbers. Since 0.3.4, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber, e.g. over the network, specifically strings of the form `+dwPAA;phone-context=AA`, where the \"number\" part potentially parses as a number larger than 2^56. This vulnerability is fixed in 0.3.6." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-392", "description": "CWE-392: Missing Report of Error Condition", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-1284", "description": "CWE-1284: Improper Validation of Specified Quantity in Input", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-617", "description": "CWE-617: Reachable Assertion", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T14:16:38.493Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/whisperfish/rust-phonenumber/security/advisories/GHSA-mjw4-jj88-v687", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/whisperfish/rust-phonenumber/security/advisories/GHSA-mjw4-jj88-v687" }, { "name": "https://github.com/whisperfish/rust-phonenumber/issues/69", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/whisperfish/rust-phonenumber/issues/69" }, { "name": "https://github.com/whisperfish/rust-phonenumber/pull/52", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/whisperfish/rust-phonenumber/pull/52" }, { "name": "https://github.com/whisperfish/rust-phonenumber/commit/b792151b17fc90231c232a23935830c2266f3203", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/whisperfish/rust-phonenumber/commit/b792151b17fc90231c232a23935830c2266f3203" }, { "name": "https://github.com/whisperfish/rust-phonenumber/commit/f69abee1481fac0d6d531407bae90020e39c6407", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/whisperfish/rust-phonenumber/commit/f69abee1481fac0d6d531407bae90020e39c6407" } ], "source": { "advisory": "GHSA-mjw4-jj88-v687", "discovery": "UNKNOWN" }, "title": "phonenumber panics on parsing crafted phonenumber inputs" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-39697", "datePublished": "2024-07-09T14:16:38.493Z", "dateReserved": "2024-06-27T18:44:13.037Z", "dateUpdated": "2024-08-02T04:26:16.016Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-23270 (GCVE-0-2025-23270)
Vulnerability from cvelistv5
Published
2025-07-17 19:59
Modified
2025-07-17 20:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-392 - Missing Report of Error Condition
Summary
NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a side channel vulnerability. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
NVIDIA | Jetson Orin, IGX Orin and Xavier Devices |
Version: NVIDIA Jetson Orin Series All versions prior to JP5.x: 35.6.2 Version: NVIDIA Jetson Orin Series All versions prior to JP6.x: 36.4.4 Version: NVIDIA Xavier Series All versions prior to JP5.x: 35.6.2 Version: IGX Orin All versions prior to IGX 1.1.2 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-23270", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-07-17T20:21:29.502391Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-17T20:21:39.590Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Jetson Linux", "IGX OS" ], "product": "Jetson Orin, IGX Orin and Xavier Devices", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "NVIDIA Jetson Orin Series All versions prior to JP5.x: 35.6.2" }, { "status": "affected", "version": "NVIDIA Jetson Orin Series All versions prior to JP6.x: 36.4.4" }, { "status": "affected", "version": "NVIDIA Xavier Series All versions prior to JP5.x: 35.6.2" }, { "status": "affected", "version": "IGX Orin All versions prior to IGX 1.1.2" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a side channel vulnerability. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure." } ], "value": "NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a side channel vulnerability. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure." } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "Code execution, data tampering, denial of service, information disclosure" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-392", "description": "CWE-392: Missing Report of Error Condition", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-17T19:59:24.528Z", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5662" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2025-23270", "datePublished": "2025-07-17T19:59:24.528Z", "dateReserved": "2025-01-14T01:06:23.292Z", "dateUpdated": "2025-07-17T20:21:39.590Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-26268 (GCVE-0-2025-26268)
Vulnerability from cvelistv5
Published
2025-04-17 00:00
Modified
2025-04-17 19:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-392 - Missing Report of Error Condition
Summary
DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
DragonflyDB | Dragonfly |
Version: 0 ≤ |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-26268", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-17T19:12:28.473396Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-17T19:12:46.786Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "references": [ { "tags": [ "exploit" ], "url": "https://github.com/dragonflydb/dragonfly/issues/4466" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Dragonfly", "vendor": "DragonflyDB", "versions": [ { "lessThan": "1.27.0", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked." } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-392", "description": "CWE-392 Missing Report of Error Condition", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-17T17:48:47.667Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/dragonflydb/dragonfly/issues/4466" }, { "url": "https://github.com/dragonflydb/dragonfly/commit/d1fac0f912edb323a2bdd6404c518cda21eac243" }, { "url": "https://github.com/dragonflydb/dragonfly/compare/v1.26.4...v1.27.0" } ], "x_generator": { "engine": "enrichogram 0.0.1" } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2025-26268", "datePublished": "2025-04-17T00:00:00.000Z", "dateReserved": "2025-02-07T00:00:00.000Z", "dateUpdated": "2025-04-17T19:12:46.786Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-32743 (GCVE-0-2025-32743)
Vulnerability from cvelistv5
Published
2025-04-10 00:00
Modified
2025-04-10 14:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-392 - Missing Report of Error Condition
Summary
In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the TC (Truncated) bit is set in a DNS response. This allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code, because those lookup values lead to incorrect length calculations and incorrect memcpy operations.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-32743", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-10T14:30:10.050718Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-10T14:30:27.850Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "ConnMan", "vendor": "ConnMan", "versions": [ { "lessThanOrEqual": "1.44", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:connman:connman:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.44", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the TC (Truncated) bit is set in a DNS response. This allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code, because those lookup values lead to incorrect length calculations and incorrect memcpy operations." } ], "metrics": [ { "cvssV3_1": { "baseScore": 9, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-392", "description": "CWE-392 Missing Report of Error Condition", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-10T13:24:48.982Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://web.git.kernel.org/pub/scm/network/connman/connman.git/tree/src/dnsproxy.c?h=1.44#n1688" }, { "url": "https://lapis-sawfish-be3.notion.site/0-click-Vulnerability-in-Comman-1-43_v3-1cadc00d01d080b0b3b9c46a6da584cc" } ], "x_generator": { "engine": "enrichogram 0.0.1" } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2025-32743", "datePublished": "2025-04-10T00:00:00.000Z", "dateReserved": "2025-04-10T00:00:00.000Z", "dateUpdated": "2025-04-10T14:30:27.850Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.