CWE-405
Asymmetric Resource Consumption (Amplification)
The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is "asymmetric."
CVE-2019-11479 (GCVE-0-2019-11479)
Vulnerability from cvelistv5
Published
2019-06-18 23:34
Modified
2024-09-16 23:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-405 - Asymmetric Resource Consumption (Amplification)
Summary
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Linux | Linux kernel |
Version: 4.4 < 4.4.182 Version: 4.9 < 4.9.182 Version: 4.14 < 4.14.127 Version: 4.19 < 4.19.52 Version: 5.1 < 5.1.11 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T22:55:40.780Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "108818", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108818" }, { "name": "VU#905115", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "https://www.kb.cert.org/vuls/id/905115" }, { "name": "RHSA-2019:1594", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1594" }, { "name": "RHSA-2019:1602", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1602" }, { "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2" }, { "name": "USN-4041-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4041-2/" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4" }, { "name": "RHSA-2019:1699", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1699" }, { "name": "USN-4041-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4041-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/vulnerabilities/tcpsack" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_28" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190625-0001/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K35421172" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K35421172?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-06" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux kernel", "vendor": "Linux", "versions": [ { "lessThan": "4.4.182", "status": "affected", "version": "4.4", "versionType": "custom" }, { "lessThan": "4.9.182", "status": "affected", "version": "4.9", "versionType": "custom" }, { "lessThan": "4.14.127", "status": "affected", "version": "4.14", "versionType": "custom" }, { "lessThan": "4.19.52", "status": "affected", "version": "4.19", "versionType": "custom" }, { "lessThan": "5.1.11", "status": "affected", "version": "5.1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Jonathan Looney from Netflix" } ], "datePublic": "2019-06-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-405", "description": "CWE-405 Asymmetric Resource Consumption (Amplification)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-20T21:14:56", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "name": "108818", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108818" }, { "name": "VU#905115", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "https://www.kb.cert.org/vuls/id/905115" }, { "name": "RHSA-2019:1594", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1594" }, { "name": "RHSA-2019:1602", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1602" }, { "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2" }, { "name": "USN-4041-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4041-2/" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4" }, { "name": "RHSA-2019:1699", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1699" }, { "name": "USN-4041-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4041-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" }, { "tags": [ "x_refsource_MISC" ], "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/vulnerabilities/tcpsack" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_28" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190625-0001/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K35421172" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K35421172?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-06" } ], "source": { "defect": [ "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1832286" ], "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.7" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@ubuntu.com", "DATE_PUBLIC": "2019-06-17T00:00:00.000Z", "ID": "CVE-2019-11479", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Linux kernel", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "4.4", "version_value": "4.4.182" }, { "version_affected": "\u003c", "version_name": "4.9", "version_value": "4.9.182" }, { "version_affected": "\u003c", "version_name": "4.14", "version_value": "4.14.127" }, { "version_affected": "\u003c", "version_name": "4.19", "version_value": "4.19.52" }, { "version_affected": "\u003c", "version_name": "5.1", "version_value": "5.1.11" } ] } } ] }, "vendor_name": "Linux" } ] } }, "credit": [ { "lang": "eng", "value": "Jonathan Looney from Netflix" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363." } ] }, "generator": { "engine": "Vulnogram 0.0.7" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-405 Asymmetric Resource Consumption (Amplification)" } ] } ] }, "references": { "reference_data": [ { "name": "108818", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108818" }, { "name": "VU#905115", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/905115" }, { "name": "RHSA-2019:1594", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1594" }, { "name": "RHSA-2019:1602", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1602" }, { "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2" }, { "name": "USN-4041-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4041-2/" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4" }, { "name": "RHSA-2019:1699", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1699" }, { "name": "USN-4041-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4041-1/" }, { "name": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", "refsource": "MISC", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" }, { "name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", "refsource": "MISC", "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" }, { "name": "https://access.redhat.com/security/vulnerabilities/tcpsack", "refsource": "MISC", "url": "https://access.redhat.com/security/vulnerabilities/tcpsack" }, { "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", "refsource": "CONFIRM", "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" }, { "name": "https://www.synology.com/security/advisory/Synology_SA_19_28", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_28" }, { "name": "https://security.netapp.com/advisory/ntap-20190625-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190625-0001/" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" }, { "name": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03" }, { "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt", "refsource": "CONFIRM", "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6" }, { "name": "https://support.f5.com/csp/article/K35421172", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K35421172" }, { "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008", "refsource": "CONFIRM", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008" }, { "name": "https://support.f5.com/csp/article/K35421172?utm_source=f5support\u0026amp;utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K35421172?utm_source=f5support\u0026amp;utm_medium=RSS" }, { "name": "https://www.us-cert.gov/ics/advisories/icsma-20-170-06", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-06" } ] }, "source": { "defect": [ "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1832286" ], "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2019-11479", "datePublished": "2019-06-18T23:34:51.124134Z", "dateReserved": "2019-04-23T00:00:00", "dateUpdated": "2024-09-16T23:22:00.170Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-21359 (GCVE-0-2021-21359)
Vulnerability from cvelistv5
Published
2021-03-23 01:55
Modified
2024-08-03 18:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This is fixed in versions 9.5.25, 10.4.14, 11.1.1.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:09:15.893Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://packagist.org/packages/typo3/cms-core" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4p9g-qgx9-397p" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2021-005" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "TYPO3.CMS", "vendor": "TYPO3", "versions": [ { "status": "affected", "version": "\u003e= 9.0.0, \u003c= 9.5.24" }, { "status": "affected", "version": "\u003e= 10.0.0, \u003c= 10.4.13" }, { "status": "affected", "version": "\u003e= 11.0.0, \u003c= 11.1.0" } ] } ], "descriptions": [ { "lang": "en", "value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This is fixed in versions 9.5.25, 10.4.14, 11.1.1." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-674", "description": "CWE-674 Uncontrolled Recursion", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-405", "description": "CWE-405 Asymmetric Resource Consumption (Amplification)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-23T01:55:19", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://packagist.org/packages/typo3/cms-core" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4p9g-qgx9-397p" }, { "tags": [ "x_refsource_MISC" ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2021-005" } ], "source": { "advisory": "GHSA-4p9g-qgx9-397p", "discovery": "UNKNOWN" }, "title": "Denial of Service in Page Error Handling", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-21359", "STATE": "PUBLIC", "TITLE": "Denial of Service in Page Error Handling" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "TYPO3.CMS", "version": { "version_data": [ { "version_value": "\u003e= 9.0.0, \u003c= 9.5.24" }, { "version_value": "\u003e= 10.0.0, \u003c= 10.4.13" }, { "version_value": "\u003e= 11.0.0, \u003c= 11.1.0" } ] } } ] }, "vendor_name": "TYPO3" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This is fixed in versions 9.5.25, 10.4.14, 11.1.1." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-674 Uncontrolled Recursion" } ] }, { "description": [ { "lang": "eng", "value": "CWE-405 Asymmetric Resource Consumption (Amplification)" } ] } ] }, "references": { "reference_data": [ { "name": "https://packagist.org/packages/typo3/cms-core", "refsource": "MISC", "url": "https://packagist.org/packages/typo3/cms-core" }, { "name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4p9g-qgx9-397p", "refsource": "CONFIRM", "url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4p9g-qgx9-397p" }, { "name": "https://typo3.org/security/advisory/typo3-core-sa-2021-005", "refsource": "MISC", "url": "https://typo3.org/security/advisory/typo3-core-sa-2021-005" } ] }, "source": { "advisory": "GHSA-4p9g-qgx9-397p", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-21359", "datePublished": "2021-03-23T01:55:19", "dateReserved": "2020-12-22T00:00:00", "dateUpdated": "2024-08-03T18:09:15.893Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-38447 (GCVE-0-2021-38447)
Vulnerability from cvelistv5
Published
2022-05-05 15:18
Modified
2025-04-16 16:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-405 - Asymmetric Resource Consumption (Amplification)
Summary
OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:44:22.378Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://opendds.org/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-38447", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-16T15:56:48.204248Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-16T16:23:41.117Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "OpenDDS", "vendor": "OCI", "versions": [ { "lessThan": "3.18.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Federico Maggi (Trend Micro Research), Ta-Lun Yen, and Chizuru Toyama (TXOne Networks, Trend Micro) reported these vulnerabilities to CISA. In addition, Patrick Kuo, Mars Cheng (TXOne Networks, Trend Micro), V\u00edctor Mayoral-Vilches (Alias Robotics), and Erik Boasson (ADLINK Technology) also contributed to this research." } ], "descriptions": [ { "lang": "en", "value": "OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-405", "description": "CWE-405 Asymmetric Resource Consumption (Amplification)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-05T15:18:06.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://opendds.org/" } ], "solutions": [ { "lang": "en", "value": "OCI recommends users update to version 3.18.1 of OpenDDS or later." } ], "source": { "discovery": "EXTERNAL" }, "title": "OCI OpenDDS Secure Amplification", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-38447", "STATE": "PUBLIC", "TITLE": "OCI OpenDDS Secure Amplification" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "OpenDDS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "3.18.1" } ] } } ] }, "vendor_name": "OCI" } ] } }, "credit": [ { "lang": "eng", "value": "Federico Maggi (Trend Micro Research), Ta-Lun Yen, and Chizuru Toyama (TXOne Networks, Trend Micro) reported these vulnerabilities to CISA. In addition, Patrick Kuo, Mars Cheng (TXOne Networks, Trend Micro), V\u00edctor Mayoral-Vilches (Alias Robotics), and Erik Boasson (ADLINK Technology) also contributed to this research." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-405 Asymmetric Resource Consumption (Amplification)" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02", "refsource": "CONFIRM", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02" }, { "name": "https://opendds.org/", "refsource": "CONFIRM", "url": "https://opendds.org/" } ] }, "solution": [ { "lang": "en", "value": "OCI recommends users update to version 3.18.1 of OpenDDS or later." } ], "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-38447", "datePublished": "2022-05-05T15:18:06.000Z", "dateReserved": "2021-08-10T00:00:00.000Z", "dateUpdated": "2025-04-16T16:23:41.117Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-2992 (GCVE-0-2023-2992)
Vulnerability from cvelistv5
Published
2023-06-26 19:44
Modified
2024-09-16 14:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-405 - Asymmetric Resource Consumption (Amplification)
Summary
An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
► | Lenovo | System Management Module (SMM) |
Version: various |
||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:lenovo:nextscale_n1200_enclosure_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nextscale_n1200_enclosure_firmware", "vendor": "lenovo", "versions": [ { "lessThan": "fhet60b-3.40", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:lenovo:thinkagile_cp-cb-10e_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "thinkagile_cp-cb-10e_firmware", "vendor": "lenovo", "versions": [ { "lessThan": "tesm38c-1.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:lenovo:thinkagile_cp-cb-10_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "thinkagile_cp-cb-10_firmware", "vendor": "lenovo", "versions": [ { "lessThan": "tesm38c-1.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:lenovo:thinkagile_hx_enclosure_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "thinkagile_hx_enclosure_firmware", "vendor": "lenovo", "versions": [ { "lessThan": "tesm38c-1.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:lenovo:thinkagile_vx_enclosure_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "thinkagile_vx_enclosure_firmware", "vendor": "lenovo", "versions": [ { "lessThan": "tesm38c-1.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:lenovo:thinksystem_d2_enclosure_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "thinksystem_d2_enclosure_firmware", "vendor": "lenovo", "versions": [ { "lessThan": "tesm38c-1.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:lenovo:thinksystem_da240_enclosure_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "thinksystem_da240_enclosure_firmware", "vendor": "lenovo", "versions": [ { "lessThan": "tesm38c-1.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:lenovo:thinksystem_dw612_enclosure_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "thinksystem_dw612_enclosure_firmware", "vendor": "lenovo", "versions": [ { "lessThan": "tesm38c-1.2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-2992", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-19T18:18:54.770375Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-23T18:19:01.571Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T06:41:04.131Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-127357" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "System Management Module (SMM)", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "product": "Fan Power Controller (FPC)", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An unauthenticated \u0026nbsp;denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server." } ], "value": "An unauthenticated \u00a0denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-405", "description": "CWE-405: Asymmetric Resource Consumption (Amplification)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-16T14:51:34.588Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-127357" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Upgrade to the firmware version (or newer) indicated for your model in the Lenovo Product Security:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-127357\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-127357\u003c/a\u003e" } ], "value": "Upgrade to the firmware version (or newer) indicated for your model in the Lenovo Product Security:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-127357" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2023-2992", "datePublished": "2023-06-26T19:44:40.121Z", "dateReserved": "2023-05-30T16:27:48.220Z", "dateUpdated": "2024-09-16T14:51:34.588Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-0450 (GCVE-0-2024-0450)
Vulnerability from cvelistv5
Published
2024-03-19 15:12
Modified
2025-04-11 22:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.
The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Python Software Foundation | CPython |
Version: 0 Version: 3.9.0 Version: 3.10.0 Version: 3.11.0 Version: 3.12.0 Version: 3.13.0a1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2025-04-11T22:03:14.930Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183" }, { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://github.com/python/cpython/issues/109858" }, { "tags": [ "x_transferred" ], "url": "https://www.bamsoftware.com/hacks/zipbomb/" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/20/5" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/" }, { "url": "https://security.netapp.com/advisory/ntap-20250411-0005/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "cpython", "vendor": "python", "versions": [ { "lessThan": "3.8.18", "status": "affected", "version": "0", "versionType": "custom" }, { "status": "affected", "version": "3.9.18" }, { "status": "affected", "version": "3.10.13" }, { "status": "affected", "version": "3.11.7" }, { "status": "affected", "version": "3.12.1" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-0450", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-20T14:30:38.300055Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-02T15:00:26.971Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "CPython", "repo": "https://github.com/python/cpython", "vendor": "Python Software Foundation", "versions": [ { "lessThan": "3.8.19", "status": "affected", "version": "0", "versionType": "python" }, { "lessThan": "3.9.19", "status": "affected", "version": "3.9.0", "versionType": "python" }, { "lessThan": "3.10.14", "status": "affected", "version": "3.10.0", "versionType": "python" }, { "lessThan": "3.11.8", "status": "affected", "version": "3.11.0", "versionType": "python" }, { "lessThan": "3.12.2", "status": "affected", "version": "3.12.0", "versionType": "python" }, { "lessThan": "3.13.0a3", "status": "affected", "version": "3.13.0a1", "versionType": "python" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAn issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe zipfile module is vulnerable to \u201cquoted-overlap\u201d zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e" } ], "value": "An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\n\nThe zipfile module is vulnerable to \u201cquoted-overlap\u201d zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.\n\n" } ], "impacts": [ { "capecId": "CAPEC-130", "descriptions": [ { "lang": "en", "value": "CAPEC-130 Excessive Allocation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-405", "description": "CWE-405", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:24:15.993Z", "orgId": "28c92f92-d60d-412d-b760-e73465c3df22", "shortName": "PSF" }, "references": [ { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183" }, { "tags": [ "issue-tracking" ], "url": "https://github.com/python/cpython/issues/109858" }, { "url": "https://www.bamsoftware.com/hacks/zipbomb/" }, { "tags": [ "vendor-advisory" ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html" }, { "url": "http://www.openwall.com/lists/oss-security/2024/03/20/5" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Quoted zip-bomb protection for zipfile", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22", "assignerShortName": "PSF", "cveId": "CVE-2024-0450", "datePublished": "2024-03-19T15:12:07.789Z", "dateReserved": "2024-01-11T22:16:41.964Z", "dateUpdated": "2025-04-11T22:03:14.930Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-11187 (GCVE-0-2024-11187)
Vulnerability from cvelistv5
Published
2025-01-29 21:40
Modified
2025-02-11 19:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-405 - Asymmetric Resource Consumption (Amplification)
Summary
It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure.
This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-11187", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-30T15:27:46.174106Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-30T15:27:58.342Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2025-02-11T19:02:32.914Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20250207-0002/" }, { "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00011.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIND 9", "vendor": "ISC", "versions": [ { "lessThanOrEqual": "9.11.37", "status": "affected", "version": "9.11.0", "versionType": "custom" }, { "lessThanOrEqual": "9.16.50", "status": "affected", "version": "9.16.0", "versionType": "custom" }, { "lessThanOrEqual": "9.18.32", "status": "affected", "version": "9.18.0", "versionType": "custom" }, { "lessThanOrEqual": "9.20.4", "status": "affected", "version": "9.20.0", "versionType": "custom" }, { "lessThanOrEqual": "9.21.3", "status": "affected", "version": "9.21.0", "versionType": "custom" }, { "lessThanOrEqual": "9.11.37-S1", "status": "affected", "version": "9.11.3-S1", "versionType": "custom" }, { "lessThanOrEqual": "9.16.50-S1", "status": "affected", "version": "9.16.8-S1", "versionType": "custom" }, { "lessThanOrEqual": "9.18.32-S1", "status": "affected", "version": "9.18.11-S1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank Toshifumi Sakaguchi for bringing this vulnerability to our attention." } ], "datePublic": "2025-01-29T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure.\nThis issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1." } ], "exploits": [ { "lang": "en", "value": "We are not aware of any active exploits." } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "A `named` instance vulnerable to this issue can be compelled to consume excessive CPU resources up to the point where exhaustion of resources effectively prevents the server from responding to other client queries. This issue is most likely to affect resolvers but could also degrade authoritative server performance." } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-405", "description": "CWE-405 Asymmetric Resource Consumption (Amplification)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-29T21:40:11.942Z", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "name": "CVE-2024-11187", "tags": [ "vendor-advisory" ], "url": "https://kb.isc.org/docs/cve-2024-11187" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.33, 9.20.5, 9.21.4, or 9.18.33-S1." } ], "source": { "discovery": "EXTERNAL" }, "title": "Many records in the additional section cause CPU exhaustion", "workarounds": [ { "lang": "en", "value": "Setting option `minimal-responses yes;` provides an effective workaround." } ] } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2024-11187", "datePublished": "2025-01-29T21:40:11.942Z", "dateReserved": "2024-11-13T17:20:48.660Z", "dateUpdated": "2025-02-11T19:02:32.914Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-28214 (GCVE-0-2024-28214)
Vulnerability from cvelistv5
Published
2024-03-07 04:49
Modified
2024-11-08 17:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-405 - Asymmetric Resource Consumption (Amplification)
Summary
nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:48:49.632Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "NAVER Security Advisory", "tags": [ "x_transferred" ], "url": "https://cve.naver.com/detail/cve-2024-28214.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-28214", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-07T16:46:08.193153Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-08T17:07:55.690Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "nGrinder", "vendor": "NAVER", "versions": [ { "status": "unaffected", "version": "3.5.9" } ] } ], "credits": [ { "lang": "en", "value": "Peter St\u00f6ckli of GitHub Security Lab" } ], "descriptions": [ { "lang": "en", "value": "nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-405", "description": "CWE-405 Asymmetric Resource Consumption (Amplification)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-06T04:12:38.448Z", "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6", "shortName": "naver" }, "references": [ { "name": "NAVER Security Advisory", "url": "https://cve.naver.com/detail/cve-2024-28214.html" } ], "source": { "discovery": "EXTERNAL" } } }, "cveMetadata": { "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6", "assignerShortName": "naver", "cveId": "CVE-2024-28214", "datePublished": "2024-03-07T04:49:57.531Z", "dateReserved": "2024-03-07T02:38:58.221Z", "dateUpdated": "2024-11-08T17:07:55.690Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-34702 (GCVE-0-2024-34702)
Vulnerability from cvelistv5
Published
2024-07-08 16:22
Modified
2024-08-02 02:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-405 - Asymmetric Resource Consumption (Amplification)
Summary
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints. An attacker who presented a certificate chain which contained a very large number of names in the SubjectAlternativeName, signed by a CA certificate which contained a large number of name constraints, could cause a denial of service. The problem has been addressed in Botan 3.5.0 and a partial backport has also been applied and is included in Botan 2.19.5.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:randombit:botan:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "botan", "vendor": "randombit", "versions": [ { "lessThan": "3.5.0", "status": "affected", "version": "3.0.0", "versionType": "custom" }, { "lessThan": "2.19.5", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-34702", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-08T17:49:00.765800Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-08T20:14:23.465Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:59:22.209Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/randombit/botan/security/advisories/GHSA-5gg9-hqpr-r58j", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/randombit/botan/security/advisories/GHSA-5gg9-hqpr-r58j" }, { "name": "https://github.com/randombit/botan/pull/4034", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/randombit/botan/pull/4034" }, { "name": "https://github.com/randombit/botan/pull/4045", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/randombit/botan/pull/4045" }, { "name": "https://github.com/randombit/botan/pull/4047", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/randombit/botan/pull/4047" }, { "name": "https://github.com/randombit/botan/pull/4052", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/randombit/botan/pull/4052" }, { "name": "https://github.com/randombit/botan/pull/4186", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/randombit/botan/pull/4186" }, { "name": "https://github.com/randombit/botan/pull/4187", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/randombit/botan/pull/4187" }, { "name": "https://github.com/randombit/botan/commit/21dccc8fef18c165ba3301d850ac61521f85637e", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/randombit/botan/commit/21dccc8fef18c165ba3301d850ac61521f85637e" }, { "name": "https://github.com/randombit/botan/commit/39535f13c322f56aa3da2f44b2b6abb8619a82ac", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/randombit/botan/commit/39535f13c322f56aa3da2f44b2b6abb8619a82ac" }, { "name": "https://github.com/randombit/botan/commit/477822a2d10f02d8ba46c9d8a5132f25843f5cc1", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/randombit/botan/commit/477822a2d10f02d8ba46c9d8a5132f25843f5cc1" }, { "name": "https://github.com/randombit/botan/commit/7606d70d3a2ac7114476ec2651ca0243c4536fdf", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/randombit/botan/commit/7606d70d3a2ac7114476ec2651ca0243c4536fdf" }, { "name": "https://github.com/randombit/botan/commit/c3264821b9f6286ee4e6e3e06826f6b7177e6d41", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/randombit/botan/commit/c3264821b9f6286ee4e6e3e06826f6b7177e6d41" }, { "name": "https://github.com/randombit/botan/commit/ff704b12e6fa351aaedd07bffdc91722e84586b8", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/randombit/botan/commit/ff704b12e6fa351aaedd07bffdc91722e84586b8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "botan", "vendor": "randombit", "versions": [ { "status": "affected", "version": "\u003c 2.19.5" }, { "status": "affected", "version": "\u003e= 3.0.0, \u003c 3.5.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints. An attacker who presented a certificate chain which contained a very large number of names in the SubjectAlternativeName, signed by a CA certificate which contained a large number of name constraints, could cause a denial of service. The problem has been addressed in Botan 3.5.0 and a partial backport has also been applied and is included in Botan 2.19.5." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-405", "description": "CWE-405: Asymmetric Resource Consumption (Amplification)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-08T16:22:37.770Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/randombit/botan/security/advisories/GHSA-5gg9-hqpr-r58j", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/randombit/botan/security/advisories/GHSA-5gg9-hqpr-r58j" }, { "name": "https://github.com/randombit/botan/pull/4034", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/randombit/botan/pull/4034" }, { "name": "https://github.com/randombit/botan/pull/4045", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/randombit/botan/pull/4045" }, { "name": "https://github.com/randombit/botan/pull/4047", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/randombit/botan/pull/4047" }, { "name": "https://github.com/randombit/botan/pull/4052", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/randombit/botan/pull/4052" }, { "name": "https://github.com/randombit/botan/pull/4186", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/randombit/botan/pull/4186" }, { "name": "https://github.com/randombit/botan/pull/4187", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/randombit/botan/pull/4187" }, { "name": "https://github.com/randombit/botan/commit/21dccc8fef18c165ba3301d850ac61521f85637e", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/randombit/botan/commit/21dccc8fef18c165ba3301d850ac61521f85637e" }, { "name": "https://github.com/randombit/botan/commit/39535f13c322f56aa3da2f44b2b6abb8619a82ac", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/randombit/botan/commit/39535f13c322f56aa3da2f44b2b6abb8619a82ac" }, { "name": "https://github.com/randombit/botan/commit/477822a2d10f02d8ba46c9d8a5132f25843f5cc1", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/randombit/botan/commit/477822a2d10f02d8ba46c9d8a5132f25843f5cc1" }, { "name": "https://github.com/randombit/botan/commit/7606d70d3a2ac7114476ec2651ca0243c4536fdf", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/randombit/botan/commit/7606d70d3a2ac7114476ec2651ca0243c4536fdf" }, { "name": "https://github.com/randombit/botan/commit/c3264821b9f6286ee4e6e3e06826f6b7177e6d41", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/randombit/botan/commit/c3264821b9f6286ee4e6e3e06826f6b7177e6d41" }, { "name": "https://github.com/randombit/botan/commit/ff704b12e6fa351aaedd07bffdc91722e84586b8", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/randombit/botan/commit/ff704b12e6fa351aaedd07bffdc91722e84586b8" } ], "source": { "advisory": "GHSA-5gg9-hqpr-r58j", "discovery": "UNKNOWN" }, "title": "Botan has a Denial of Service Due to Excessive Name Constraints" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-34702", "datePublished": "2024-07-08T16:22:37.770Z", "dateReserved": "2024-05-07T13:53:00.132Z", "dateUpdated": "2024-08-02T02:59:22.209Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-34703 (GCVE-0-2024-34703)
Vulnerability from cvelistv5
Published
2024-06-30 20:22
Modified
2024-08-02 02:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. The proof of concept used a 16Kbit prime for this purpose. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at most 521 bits. No known workarounds are available. Note that support for explicit encoding of elliptic curve parameters is deprecated in Botan.
References
► | URL | Tags |
---|---|---|
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:randombit:botan:3.30:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "botan", "vendor": "randombit", "versions": [ { "lessThan": "3.3.1", "status": "affected", "version": "3.30", "versionType": "custom" }, { "lessThan": "2.19.4", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-34703", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-02T14:55:26.269940Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-02T15:13:21.603Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:59:21.982Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/randombit/botan/security/advisories/GHSA-w4g2-7m2h-7xj7", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/randombit/botan/security/advisories/GHSA-w4g2-7m2h-7xj7" }, { "name": "https://github.com/randombit/botan/commit/08c404b23740babee1f6aa51b54e966029aadee4", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/randombit/botan/commit/08c404b23740babee1f6aa51b54e966029aadee4" }, { "name": "https://github.com/randombit/botan/commit/94e9154c143aa5264da6254a6a1be5bc66ee2b5a", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/randombit/botan/commit/94e9154c143aa5264da6254a6a1be5bc66ee2b5a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "botan", "vendor": "randombit", "versions": [ { "status": "affected", "version": "\u003e= 3.3.0, \u003c 3.3.0" }, { "status": "affected", "version": "\u003c 2.19.4" } ] } ], "descriptions": [ { "lang": "en", "value": "Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. The proof of concept used a 16Kbit prime for this purpose. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at most 521 bits. No known workarounds are available. Note that support for explicit encoding of elliptic curve parameters is deprecated in Botan.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-405", "description": "CWE-405: Asymmetric Resource Consumption (Amplification)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-30T20:22:32.910Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/randombit/botan/security/advisories/GHSA-w4g2-7m2h-7xj7", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/randombit/botan/security/advisories/GHSA-w4g2-7m2h-7xj7" }, { "name": "https://github.com/randombit/botan/commit/08c404b23740babee1f6aa51b54e966029aadee4", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/randombit/botan/commit/08c404b23740babee1f6aa51b54e966029aadee4" }, { "name": "https://github.com/randombit/botan/commit/94e9154c143aa5264da6254a6a1be5bc66ee2b5a", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/randombit/botan/commit/94e9154c143aa5264da6254a6a1be5bc66ee2b5a" } ], "source": { "advisory": "GHSA-w4g2-7m2h-7xj7", "discovery": "UNKNOWN" }, "title": "Botan Vulnerable to Denial of Service Due to Overly Large Elliptic Curve Parameters" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-34703", "datePublished": "2024-06-30T20:22:32.910Z", "dateReserved": "2024-05-07T13:53:00.132Z", "dateUpdated": "2024-08-02T02:59:21.982Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-39743 (GCVE-0-2024-39743)
Vulnerability from cvelistv5
Published
2024-07-08 13:14
Modified
2024-08-02 04:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-405 - Asymmetric Resource Consumption (Amplification)
Summary
IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | MQ Operator |
Version: 2.0.24, 3.2.2 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-39743", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-08T17:41:53.322390Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-08T19:58:56.562Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:26:16.002Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7159714" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297172" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "MQ Operator", "vendor": "IBM", "versions": [ { "status": "affected", "version": "2.0.24, 3.2.2" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172." } ], "value": "IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-405", "description": "CWE-405 Asymmetric Resource Consumption (Amplification)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-12T13:48:40.013Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7159714" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297172" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ Container denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-39743", "datePublished": "2024-07-08T13:14:43.915Z", "dateReserved": "2024-06-28T09:34:46.056Z", "dateUpdated": "2024-08-02T04:26:16.002Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Mitigation
Phase: Architecture and Design
Description:
- An application must make resources available to a client commensurate with the client's access level.
Mitigation
Phase: Architecture and Design
Description:
- An application must, at all times, keep track of allocated resources and meter their usage appropriately.
Mitigation
Phase: System Configuration
Description:
- Consider disabling resource-intensive algorithms on the server side, such as Diffie-Hellman key exchange.
No CAPEC attack patterns related to this CWE.