Common Weakness Enumeration

CWE-122

Allowed

Heap-based Buffer Overflow

Abstraction: Variant · Status: Draft

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

4106 vulnerabilities reference this CWE, most recent first.

CVE-2024-56805 (GCVE-0-2024-56805)

Vulnerability from cvelistv5 – Published: 2025-06-06 15:53 – Updated: 2025-06-06 16:35
VLAI
Title
QTS, QuTS hero
Summary
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and later
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
Vendor Product Version
QNAP Systems Inc. QTS Affected: 5.2.x , < 5.2.4.3079 build 20250321 (custom)
Create a notification for this product.
QNAP Systems Inc. QuTS hero Affected: h5.2.x , < h5.2.4.3079 build 20250321 (custom)
Create a notification for this product.
Credits
Searat and izut
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-56805",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-06T16:19:29.385950Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-06T16:35:40.607Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "QTS",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "5.2.4.3079 build 20250321",
              "status": "affected",
              "version": "5.2.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "QuTS hero",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "h5.2.4.3079 build 20250321",
              "status": "affected",
              "version": "h5.2.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Searat and izut"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.2.4.3079 build 20250321 and later\u003cbr\u003eQuTS hero h5.2.4.3079 build 20250321 and later\u003cbr\u003e"
            }
          ],
          "value": "A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.4.3079 build 20250321 and later\nQuTS hero h5.2.4.3079 build 20250321 and later"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120",
              "lang": "en",
              "type": "CWE"
            },
            {
              "cweId": "CWE-122",
              "description": "CWE-122",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-06T15:53:13.936Z",
        "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "shortName": "qnap"
      },
      "references": [
        {
          "url": "https://www.qnap.com/en/security-advisory/qsa-25-12"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.2.4.3079 build 20250321 and later\u003cbr\u003eQuTS hero h5.2.4.3079 build 20250321 and later\u003cbr\u003e"
            }
          ],
          "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.4.3079 build 20250321 and later\nQuTS hero h5.2.4.3079 build 20250321 and later"
        }
      ],
      "source": {
        "advisory": "QSA-25-12",
        "discovery": "EXTERNAL"
      },
      "title": "QTS, QuTS hero",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
    "assignerShortName": "qnap",
    "cveId": "CVE-2024-56805",
    "datePublished": "2025-06-06T15:53:13.936Z",
    "dateReserved": "2024-12-31T09:31:29.719Z",
    "dateUpdated": "2025-06-06T16:35:40.607Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-56737 (GCVE-0-2024-56737)

Vulnerability from cvelistv5 – Published: 2024-12-29 00:00 – Updated: 2024-12-31 18:17
VLAI
Summary
GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
GNU GRUB2 Affected: 2.00 , ≤ 2.12 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56737",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-31T18:16:13.906625Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-31T18:17:21.967Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "GRUB2",
          "vendor": "GNU",
          "versions": [
            {
              "lessThanOrEqual": "2.12",
              "status": "affected",
              "version": "2.00",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "2.12",
                  "versionStartIncluding": "2.00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-29T06:43:09.520Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://savannah.gnu.org/bugs/?66599"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-56737",
    "datePublished": "2024-12-29T00:00:00.000Z",
    "dateReserved": "2024-12-29T00:00:00.000Z",
    "dateUpdated": "2024-12-31T18:17:21.967Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-56732 (GCVE-0-2024-56732)

Vulnerability from cvelistv5 – Published: 2024-12-27 20:01 – Updated: 2024-12-28 16:48
VLAI
Title
HarfBuzz heap-buffer-overflow on hb_cairo_glyphs_from_buffer
Summary
HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
harfbuzz harfbuzz Affected: >= 8.5.0, <= 10.0.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56732",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-28T16:46:53.686962Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-28T16:48:04.545Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "harfbuzz",
          "vendor": "harfbuzz",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 8.5.0, \u003c= 10.0.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-27T20:01:50.275Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-qmp9-xqm5-jh6m",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-qmp9-xqm5-jh6m"
        },
        {
          "name": "https://github.com/harfbuzz/harfbuzz/commit/1767f99e2e2196c3fcae27db6d8b60098d3f6d26",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/harfbuzz/harfbuzz/commit/1767f99e2e2196c3fcae27db6d8b60098d3f6d26"
        }
      ],
      "source": {
        "advisory": "GHSA-qmp9-xqm5-jh6m",
        "discovery": "UNKNOWN"
      },
      "title": "HarfBuzz heap-buffer-overflow on hb_cairo_glyphs_from_buffer"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-56732",
    "datePublished": "2024-12-27T20:01:50.275Z",
    "dateReserved": "2024-12-27T15:17:18.511Z",
    "dateUpdated": "2024-12-28T16:48:04.545Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-56406 (GCVE-0-2024-56406)

Vulnerability from cvelistv5 – Published: 2025-04-13 13:16 – Updated: 2025-10-16 14:04
VLAI
Title
Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes
Summary
A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.    $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;'    Segmentation fault (core dumped) It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
perl perl Affected: 5.41.0 , ≤ 5.41.10 (custom)
Affected: 5.39.0 , < 5.40.2-RC1 (custom)
Affected: 5.33.1 , < 5.38.4-RC1 (custom)
Create a notification for this product.
Credits
Nathan Mills
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-04-13T22:02:35.643Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/04/13/3"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/04/13/4"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/04/13/5"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 8.4,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56406",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-16T14:04:16.993103Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-16T14:04:20.393Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://cpan.org/modules",
          "defaultStatus": "unaffected",
          "packageName": "perl",
          "product": "perl",
          "programFiles": [
            "op.c"
          ],
          "programRoutines": [
            {
              "name": "S_pmtrans"
            },
            {
              "name": "tr"
            }
          ],
          "repo": "https://github.com/Perl/perl5/",
          "vendor": "perl",
          "versions": [
            {
              "lessThanOrEqual": "5.41.10",
              "status": "affected",
              "version": "5.41.0",
              "versionType": "custom"
            },
            {
              "lessThan": "5.40.2-RC1",
              "status": "affected",
              "version": "5.39.0",
              "versionType": "custom"
            },
            {
              "lessThan": "5.38.4-RC1",
              "status": "affected",
              "version": "5.33.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Nathan Mills"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A heap buffer overflow vulnerability was discovered in Perl. \u003cbr\u003e\u003cbr\u003eRelease branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10.\u003cbr\u003e\u003cbr\u003eWhen there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e\u0026nbsp; \u0026nbsp;$ perl -e \u0027$_ = \"\\x{FF}\" x 1000000; tr/\\xFF/\\x{100}/;\u0027 \u003cbr\u003e\u0026nbsp; \u0026nbsp;Segmentation fault (core dumped)\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003eIt is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "A heap buffer overflow vulnerability was discovered in Perl. \n\nRelease branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10.\n\nWhen there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.\n\n\u00a0 \u00a0$ perl -e \u0027$_ = \"\\x{FF}\" x 1000000; tr/\\xFF/\\x{100}/;\u0027 \n\u00a0 \u00a0Segmentation fault (core dumped)\n\nIt is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-13T19:29:56.569Z",
        "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "shortName": "CPANSec"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/Perl/perl5/commit/87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd.patch"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://metacpan.org/release/SHAY/perl-5.38.4/changes"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://metacpan.org/release/SHAY/perl-5.40.2/changes"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Users should update perl to 5.40.2 or 5.38.4, or apply the upstream patch provided in the References section.\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "Users should update perl to 5.40.2 or 5.38.4, or apply the upstream patch provided in the References section."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
    "assignerShortName": "CPANSec",
    "cveId": "CVE-2024-56406",
    "datePublished": "2025-04-13T13:16:09.841Z",
    "dateReserved": "2024-12-23T02:07:38.152Z",
    "dateUpdated": "2025-10-16T14:04:20.393Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-55627 (GCVE-0-2024-55627)

Vulnerability from cvelistv5 – Published: 2025-01-06 17:50 – Updated: 2025-01-06 19:15
VLAI
Title
Suricata segfault on StreamingBufferSlideToOffsetWithRegions
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow while being zero-filled during initialization with memset due to an unsigned integer underflow. The issue has been addressed in Suricata 7.0.8.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-191 - Integer Underflow (Wrap or Wraparound)
  • CWE-122 - Heap-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
OISF suricata Affected: < 7.0.8
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-55627",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-06T19:15:00.575209Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-06T19:15:13.448Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "suricata",
          "vendor": "OISF",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.0.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow while being zero-filled during initialization with memset due to an unsigned integer underflow. The issue has been addressed in Suricata 7.0.8."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-191",
              "description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-06T17:50:41.554Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/OISF/suricata/security/advisories/GHSA-h2mv-7gg8-8x7v",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/OISF/suricata/security/advisories/GHSA-h2mv-7gg8-8x7v"
        },
        {
          "name": "https://github.com/OISF/suricata/commit/282509f70c4ce805098e59535af445362e3e9ebd",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OISF/suricata/commit/282509f70c4ce805098e59535af445362e3e9ebd"
        },
        {
          "name": "https://github.com/OISF/suricata/commit/8900041405dbb5f9584edae994af2100733fb4be",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OISF/suricata/commit/8900041405dbb5f9584edae994af2100733fb4be"
        },
        {
          "name": "https://github.com/OISF/suricata/commit/9a53ec43b13f0039a083950511a18bf6f408e432",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OISF/suricata/commit/9a53ec43b13f0039a083950511a18bf6f408e432"
        },
        {
          "name": "https://redmine.openinfosecfoundation.org/issues/7393",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://redmine.openinfosecfoundation.org/issues/7393"
        }
      ],
      "source": {
        "advisory": "GHSA-h2mv-7gg8-8x7v",
        "discovery": "UNKNOWN"
      },
      "title": "Suricata segfault on StreamingBufferSlideToOffsetWithRegions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-55627",
    "datePublished": "2025-01-06T17:50:41.554Z",
    "dateReserved": "2024-12-09T17:48:05.556Z",
    "dateUpdated": "2025-01-06T19:15:13.448Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-54094 (GCVE-0-2024-54094)

Vulnerability from cvelistv5 – Published: 2024-12-10 13:54 – Updated: 2024-12-10 17:20
VLAI
Summary
A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
Siemens Solid Edge SE2024 Affected: 0 , < V224.0 Update 5 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-54094",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-10T15:13:47.704229Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-10T17:20:25.501Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Solid Edge SE2024",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V224.0 Update 5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Solid Edge SE2024 (All versions \u003c V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-10T13:54:20.014Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-730188.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-54094",
    "datePublished": "2024-12-10T13:54:20.014Z",
    "dateReserved": "2024-11-28T14:29:08.705Z",
    "dateUpdated": "2024-12-10T17:20:25.501Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-54093 (GCVE-0-2024-54093)

Vulnerability from cvelistv5 – Published: 2024-12-10 13:54 – Updated: 2024-12-10 17:20
VLAI
Summary
A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted ASM files. This could allow an attacker to execute code in the context of the current process.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
Siemens Solid Edge SE2024 Affected: 0 , < V224.0 Update 5 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-54093",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-10T15:14:09.724852Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-10T17:20:07.590Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Solid Edge SE2024",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V224.0 Update 5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Solid Edge SE2024 (All versions \u003c V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted ASM files. This could allow an attacker to execute code in the context of the current process."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-10T13:54:18.597Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-730188.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-54093",
    "datePublished": "2024-12-10T13:54:18.597Z",
    "dateReserved": "2024-11-28T14:29:08.704Z",
    "dateUpdated": "2024-12-10T17:20:07.590Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-53957 (GCVE-0-2024-53957)

Vulnerability from cvelistv5 – Published: 2024-12-10 21:21 – Updated: 2024-12-11 14:49
VLAI
Title
Substance3D - Painter | Heap-based Buffer Overflow (CWE-122)
Summary
Substance3D - Painter versions 10.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-122 - Heap-based Buffer Overflow (CWE-122)
Assigner
References
Impacted products
Vendor Product Version
Adobe Substance3D - Painter Affected: 0 , ≤ 10.1.1 (semver)
Create a notification for this product.
Date Public
2024-12-10 17:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-53957",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-11T14:42:42.881096Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-11T14:49:03.833Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Substance3D - Painter",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "10.1.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-12-10T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Substance3D - Painter versions 10.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap-based Buffer Overflow (CWE-122)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-10T21:21:32.309Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-105.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Substance3D - Painter | Heap-based Buffer Overflow (CWE-122)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-53957",
    "datePublished": "2024-12-10T21:21:32.309Z",
    "dateReserved": "2024-11-25T17:39:04.108Z",
    "dateUpdated": "2024-12-11T14:49:03.833Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-53956 (GCVE-0-2024-53956)

Vulnerability from cvelistv5 – Published: 2024-12-10 21:18 – Updated: 2024-12-17 04:55
VLAI
Title
Premiere Pro | Heap-based Buffer Overflow (CWE-122)
Summary
Premiere Pro versions 25.0, 24.6.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-122 - Heap-based Buffer Overflow (CWE-122)
Assigner
References
Impacted products
Vendor Product Version
Adobe Premiere Pro Affected: 0 , ≤ 24.6.3 (semver)
Create a notification for this product.
Date Public
2024-12-10 17:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-53956",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-16T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-17T04:55:56.183Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Premiere Pro",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "24.6.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-12-10T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Premiere Pro versions 25.0, 24.6.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap-based Buffer Overflow (CWE-122)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-10T21:18:08.121Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/premiere_pro/apsb24-104.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Premiere Pro | Heap-based Buffer Overflow (CWE-122)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-53956",
    "datePublished": "2024-12-10T21:18:08.121Z",
    "dateReserved": "2024-11-25T17:39:04.108Z",
    "dateUpdated": "2024-12-17T04:55:56.183Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-52999 (GCVE-0-2024-52999)

Vulnerability from cvelistv5 – Published: 2024-12-10 21:12 – Updated: 2024-12-11 14:50
VLAI
Title
Substance3D - Modeler | Heap-based Buffer Overflow (CWE-122)
Summary
Substance3D - Modeler versions 1.14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-122 - Heap-based Buffer Overflow (CWE-122)
Assigner
References
Impacted products
Vendor Product Version
Adobe Substance3D - Modeler Affected: 0 , ≤ 1.14.1 (semver)
Create a notification for this product.
Date Public
2024-12-10 17:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52999",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-11T14:43:05.511054Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-11T14:50:53.505Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Substance3D - Modeler",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "1.14.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-12-10T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Substance3D - Modeler versions 1.14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap-based Buffer Overflow (CWE-122)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-10T21:12:16.182Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/substance3d-modeler/apsb24-102.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Substance3D - Modeler | Heap-based Buffer Overflow (CWE-122)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-52999",
    "datePublished": "2024-12-10T21:12:16.182Z",
    "dateReserved": "2024-11-18T17:46:25.284Z",
    "dateUpdated": "2024-12-11T14:50:53.505Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation

Pre-design: Use a language or compiler that performs automatic bounds checking.

Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation MIT-10
Operation Build and Compilation

Strategy: Environment Hardening

  • Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
  • D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation MIT-11
Operation Build and Compilation

Strategy: Environment Hardening

  • Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
  • Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
  • For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
Mitigation
Implementation

Implement and perform bounds checking on input.

Mitigation
Implementation

Strategy: Libraries or Frameworks

Do not use dangerous functions such as gets. Look for their safe equivalent, which checks for the boundary.

Mitigation
Operation

Use OS-level preventative functionality. This is not a complete solution, but it provides some defense in depth.

CAPEC-92: Forced Integer Overflow

This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.