CWE-122
AllowedHeap-based Buffer Overflow
Abstraction: Variant · Status: Draft
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
4094 vulnerabilities reference this CWE, most recent first.
CVE-2024-3447 (GCVE-0-2024-3447)
Vulnerability from cvelistv5 – Published: 2024-11-14 12:10 – Updated: 2026-05-12 11:30- CWE-122 - Heap-based Buffer Overflow
| Vendor | Product | Version | |
|---|---|---|---|
|
Affected:
1.5.0 , < 9.0.0
(semver)
|
|||
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 8 Advanced Virtualization |
cpe:/a:redhat:advanced_virtualization:8::el8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Siemens | RUGGEDCOM ROX MX5000 |
Affected:
0 , < V2.17.1
(custom)
|
|
| Siemens | RUGGEDCOM ROX MX5000RE |
Affected:
0 , < V2.17.1
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1400 |
Affected:
0 , < V2.17.1
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1500 |
Affected:
0 , < V2.17.1
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1501 |
Affected:
0 , < V2.17.1
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1510 |
Affected:
0 , < V2.17.1
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1511 |
Affected:
0 , < V2.17.1
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1512 |
Affected:
0 , < V2.17.1
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1524 |
Affected:
0 , < V2.17.1
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1536 |
Affected:
0 , < V2.17.1
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX5000 |
Affected:
0 , < V2.17.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3447",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T18:53:42.574300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T19:32:53.874Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:29:52.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250425-0005/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00042.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:30:37.130Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-577017.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.com/qemu-project/qemu",
"defaultStatus": "unaffected",
"packageName": "qemu",
"versions": [
{
"lessThan": "9.0.0",
"status": "affected",
"version": "1.5.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm-ma",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "virt:rhel/qemu-kvm",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
],
"defaultStatus": "unaffected",
"packageName": "virt:av/qemu-kvm",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Chuhong Yuan for reporting this issue."
}
],
"datePublic": "2024-04-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s-\u003edata_count` and the size of `s-\u003efifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T12:10:36.880Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-3447"
},
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58813"
},
{
"name": "RHBZ#2274123",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274123"
},
{
"url": "https://patchew.org/QEMU/20240404085549.16987-1-philmd@linaro.org/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-09T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-04-04T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Qemu: sdhci: heap buffer overflow in sdhci_write_dataport()",
"x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2024-3447",
"datePublished": "2024-11-14T12:10:36.880Z",
"dateReserved": "2024-04-08T07:52:52.103Z",
"dateUpdated": "2026-05-12T11:30:37.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-3209 (GCVE-0-2024-3209)
Vulnerability from cvelistv5 – Published: 2024-04-02 23:00 – Updated: 2025-02-13 17:52- CWE-122 - Heap-based Buffer Overflow
| URL | Tags |
|---|---|
| https://vuldb.com/?id.259055 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.259055 | signaturepermissions-required |
| https://vuldb.com/?submit.304575 | third-party-advisory |
| https://drive.google.com/drive/folders/1qlUXvycOz… | exploit |
| https://lists.fedoraproject.org/archives/list/pac… | |
| https://lists.fedoraproject.org/archives/list/pac… | |
| https://lists.fedoraproject.org/archives/list/pac… |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3209",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T15:53:27.497986Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:05.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:08.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-259055 | UPX bele.h get_ne64 heap-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.259055"
},
{
"name": "VDB-259055 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.259055"
},
{
"name": "Submit #304575 | UPX upx commit 06b0de9c77551cd4e856d453e094d8a0b6ef0d6d heap buffer overflow",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.304575"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://drive.google.com/drive/folders/1qlUXvycOzGJygfkdQB9dGO6VwNRRZoih?usp=sharing"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZHWZN2NX5W3WYA6ACJ746PAZXXNZETKD/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4DNK3AFPT4KIPTBKGCJ6FC3L7AWI2TN/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AE5OZ7YUEVLXVVS6PFP5RELVICQ4K6QK/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UPX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "4.2.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "AlkaidLx (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function get_ne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259055. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in UPX bis 4.2.2 ausgemacht. Sie wurde als kritisch eingestuft. Davon betroffen ist die Funktion get_ne64 der Datei bele.h. Mittels dem Manipulieren mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-19T23:06:10.807Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-259055 | UPX bele.h get_ne64 heap-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.259055"
},
{
"name": "VDB-259055 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.259055"
},
{
"name": "Submit #304575 | UPX upx commit 06b0de9c77551cd4e856d453e094d8a0b6ef0d6d heap buffer overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.304575"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/drive/folders/1qlUXvycOzGJygfkdQB9dGO6VwNRRZoih?usp=sharing"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZHWZN2NX5W3WYA6ACJ746PAZXXNZETKD/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4DNK3AFPT4KIPTBKGCJ6FC3L7AWI2TN/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AE5OZ7YUEVLXVVS6PFP5RELVICQ4K6QK/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-02T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-02T18:55:01.000Z",
"value": "VulDB entry last update"
}
],
"title": "UPX bele.h get_ne64 heap-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3209",
"datePublished": "2024-04-02T23:00:05.494Z",
"dateReserved": "2024-04-02T16:49:29.693Z",
"dateUpdated": "2025-02-13T17:52:09.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3207 (GCVE-0-2024-3207)
Vulnerability from cvelistv5 – Published: 2024-04-02 22:31 – Updated: 2024-08-21 14:43- CWE-122 - Heap-based Buffer Overflow
| URL | Tags |
|---|---|
| https://vuldb.com/?id.259054 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.259054 | signaturepermissions-required |
| https://vuldb.com/?submit.304572 | third-party-advisory |
| https://drive.google.com/drive/folders/1z0JBsZ-QR… | exploit |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:07.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-259054 | ermig1979 Simd SimdMemoryStream.h ReadUnsigned heap-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.259054"
},
{
"name": "VDB-259054 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.259054"
},
{
"name": "Submit #304572 | Simd Simd commit a1580a5fb13e2f8c78715afb0bc47e44519ccd32 heap-buffer-overflow",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.304572"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://drive.google.com/drive/folders/1z0JBsZ-QR3RsuAf-uyit_ZGXCh0rEvFq?usp=sharing"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ermig1979:simd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simd",
"vendor": "ermig1979",
"versions": [
{
"status": "affected",
"version": "6.0.134"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3207",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T14:41:43.421031Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T14:43:17.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Simd",
"vendor": "ermig1979",
"versions": [
{
"status": "affected",
"version": "6.0.134"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "AlkaidLx (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ermig1979 Simd up to 6.0.134. It has been declared as critical. This vulnerability affects the function ReadUnsigned of the file src/Simd/SimdMemoryStream.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. VDB-259054 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In ermig1979 Simd bis 6.0.134 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion ReadUnsigned der Datei src/Simd/SimdMemoryStream.h. Durch Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-02T22:31:07.068Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-259054 | ermig1979 Simd SimdMemoryStream.h ReadUnsigned heap-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.259054"
},
{
"name": "VDB-259054 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.259054"
},
{
"name": "Submit #304572 | Simd Simd commit a1580a5fb13e2f8c78715afb0bc47e44519ccd32 heap-buffer-overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.304572"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/drive/folders/1z0JBsZ-QR3RsuAf-uyit_ZGXCh0rEvFq?usp=sharing"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-02T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-02T18:50:58.000Z",
"value": "VulDB entry last update"
}
],
"title": "ermig1979 Simd SimdMemoryStream.h ReadUnsigned heap-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3207",
"datePublished": "2024-04-02T22:31:07.068Z",
"dateReserved": "2024-04-02T16:44:51.205Z",
"dateUpdated": "2024-08-21T14:43:17.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3204 (GCVE-0-2024-3204)
Vulnerability from cvelistv5 – Published: 2024-04-02 22:00 – Updated: 2024-08-01 20:05- CWE-122 - Heap-based Buffer Overflow
| URL | Tags |
|---|---|
| https://vuldb.com/?id.259051 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.259051 | signaturepermissions-required |
| https://vuldb.com/?submit.304557 | third-party-advisory |
| https://drive.google.com/drive/folders/1T1k3UeS09… | exploit |
| https://github.com/Blosc/c-blosc2/releases/tag/v2.14.3 | patch |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | c-blosc2 |
Affected:
2.13.0
Affected: 2.13.1 Affected: 2.13.2 |
|
| c-blosc2_project | c-blosc2 |
Affected:
2.13.0
Affected: 2.13.1 Affected: 2.13.2 cpe:2.3:a:c-blosc2_project:c-blosc2:2.13.0:*:*:*:*:*:*:* cpe:2.3:a:c-blosc2_project:c-blosc2:2.13.1:*:*:*:*:*:*:* cpe:2.3:a:c-blosc2_project:c-blosc2:2.13.2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:c-blosc2_project:c-blosc2:2.13.0:*:*:*:*:*:*:*",
"cpe:2.3:a:c-blosc2_project:c-blosc2:2.13.1:*:*:*:*:*:*:*",
"cpe:2.3:a:c-blosc2_project:c-blosc2:2.13.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "c-blosc2",
"vendor": "c-blosc2_project",
"versions": [
{
"status": "affected",
"version": "2.13.0"
},
{
"status": "affected",
"version": "2.13.1"
},
{
"status": "affected",
"version": "2.13.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3204",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-10T13:36:48.362947Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T13:40:00.247Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:08.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-259051 | c-blosc2 ndlz4x4.c ndlz4_decompress heap-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.259051"
},
{
"name": "VDB-259051 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.259051"
},
{
"name": "Submit #304557 | blosc c-blosc2 commit 1dd1e55cb329d01c210da77ceb53027853c35b72 heap-buffer-overflow",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.304557"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://drive.google.com/drive/folders/1T1k3UeS09m65LjVXExUuZfedNQPWQWCo?usp=sharing"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/Blosc/c-blosc2/releases/tag/v2.14.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "c-blosc2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.13.0"
},
{
"status": "affected",
"version": "2.13.1"
},
{
"status": "affected",
"version": "2.13.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "AlkaidLx (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in c-blosc2 up to 2.13.2 and classified as critical. Affected by this vulnerability is the function ndlz4_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz4x4.c. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.14.3 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-259051."
},
{
"lang": "de",
"value": "In c-blosc2 bis 2.13.2 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Das betrifft die Funktion ndlz4_decompress der Datei /src/c-blosc2/plugins/codecs/ndlz/ndlz4x4.c. Dank Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 2.14.3 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-06T16:02:36.751Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-259051 | c-blosc2 ndlz4x4.c ndlz4_decompress heap-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.259051"
},
{
"name": "VDB-259051 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.259051"
},
{
"name": "Submit #304557 | blosc c-blosc2 commit 1dd1e55cb329d01c210da77ceb53027853c35b72 heap-buffer-overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.304557"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/drive/folders/1T1k3UeS09m65LjVXExUuZfedNQPWQWCo?usp=sharing"
},
{
"tags": [
"patch"
],
"url": "https://github.com/Blosc/c-blosc2/releases/tag/v2.14.3"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-02T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-06T18:06:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "c-blosc2 ndlz4x4.c ndlz4_decompress heap-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3204",
"datePublished": "2024-04-02T22:00:08.396Z",
"dateReserved": "2024-04-02T16:34:49.104Z",
"dateUpdated": "2024-08-01T20:05:08.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3203 (GCVE-0-2024-3203)
Vulnerability from cvelistv5 – Published: 2024-04-02 22:00 – Updated: 2024-08-01 20:05- CWE-122 - Heap-based Buffer Overflow
| URL | Tags |
|---|---|
| https://vuldb.com/?id.259050 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.259050 | signaturepermissions-required |
| https://vuldb.com/?submit.304556 | third-party-advisory |
| https://drive.google.com/drive/folders/1T1k3UeS09… | exploit |
| https://github.com/Blosc/c-blosc2/releases/tag/v2.14.3 | patch |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3203",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T15:02:29.729304Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:24.471Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:07.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-259050 | c-blosc2 ndlz8x8.c ndlz8_decompress heap-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.259050"
},
{
"name": "VDB-259050 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.259050"
},
{
"name": "Submit #304556 | blosc c-blosc2 1dd1e55cb329d01c210da77ceb53027853c35b72 heap-buffer-overflow",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.304556"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://drive.google.com/drive/folders/1T1k3UeS09m65LjVXExUuZfedNQPWQWCo?usp=sharing"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/Blosc/c-blosc2/releases/tag/v2.14.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "c-blosc2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.13.0"
},
{
"status": "affected",
"version": "2.13.1"
},
{
"status": "affected",
"version": "2.13.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "AlkaidLx (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in c-blosc2 up to 2.13.2. Affected is the function ndlz8_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.14.3 is able to address this issue. It is recommended to upgrade the affected component. VDB-259050 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in c-blosc2 bis 2.13.2 gefunden. Sie wurde als kritisch eingestuft. Es betrifft die Funktion ndlz8_decompress der Datei /src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c. Dank der Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 2.14.3 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-06T16:02:35.290Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-259050 | c-blosc2 ndlz8x8.c ndlz8_decompress heap-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.259050"
},
{
"name": "VDB-259050 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.259050"
},
{
"name": "Submit #304556 | blosc c-blosc2 1dd1e55cb329d01c210da77ceb53027853c35b72 heap-buffer-overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.304556"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/drive/folders/1T1k3UeS09m65LjVXExUuZfedNQPWQWCo?usp=sharing"
},
{
"tags": [
"patch"
],
"url": "https://github.com/Blosc/c-blosc2/releases/tag/v2.14.3"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-02T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-06T18:07:22.000Z",
"value": "VulDB entry last update"
}
],
"title": "c-blosc2 ndlz8x8.c ndlz8_decompress heap-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3203",
"datePublished": "2024-04-02T22:00:06.695Z",
"dateReserved": "2024-04-02T16:34:46.901Z",
"dateUpdated": "2024-08-01T20:05:07.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3024 (GCVE-0-2024-3024)
Vulnerability from cvelistv5 – Published: 2024-03-28 02:00 – Updated: 2024-08-01 19:32- CWE-122 - Heap-based Buffer Overflow
| URL | Tags |
|---|---|
| https://vuldb.com/?id.258333 | vdb-entrytechnical-descriptionexploit |
| https://vuldb.com/?ctiid.258333 | signaturepermissions-required |
| https://vuldb.com/?submit.297866 | third-party-advisory |
| https://docs.google.com/document/d/1wCIrViAJwGsO5… | related |
| https://drive.google.com/file/d/1zV9MSkfYLIrdtK3y… | broken-linkexploit |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:appneta:tcpreplay:4.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tcpreplay",
"vendor": "appneta",
"versions": [
{
"lessThanOrEqual": "4.4.4",
"status": "affected",
"version": "4.4.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3024",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-28T15:36:00.568153Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T15:08:21.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.556Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-258333 | appneta tcpreplay get.c get_layer4_v6 heap-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"exploit",
"x_transferred"
],
"url": "https://vuldb.com/?id.258333"
},
{
"name": "VDB-258333 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.258333"
},
{
"name": "Submit #297866 | appneta tcpreplay 4.4.4 (latest) heap-buffer-overflow",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.297866"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://docs.google.com/document/d/1wCIrViAJwGsO5afPBLLjRhO5RClsoUo3J9q1psLs84s/edit?usp=sharing"
},
{
"tags": [
"broken-link",
"exploit",
"x_transferred"
],
"url": "https://drive.google.com/file/d/1zV9MSkfYLIrdtK3yczy1qbsJr_yN2fwH/view"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "tcpreplay",
"vendor": "appneta",
"versions": [
{
"status": "affected",
"version": "4.4.0"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.4.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "MSXF (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function get_layer4_v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-258333 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in appneta tcpreplay bis 4.4.4 ausgemacht. Sie wurde als problematisch eingestuft. Dabei betrifft es die Funktion get_layer4_v6 der Datei /tcpreplay/src/common/get.c. Durch das Beeinflussen mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-28T02:00:05.886Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-258333 | appneta tcpreplay get.c get_layer4_v6 heap-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"exploit"
],
"url": "https://vuldb.com/?id.258333"
},
{
"name": "VDB-258333 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.258333"
},
{
"name": "Submit #297866 | appneta tcpreplay 4.4.4 (latest) heap-buffer-overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.297866"
},
{
"tags": [
"related"
],
"url": "https://docs.google.com/document/d/1wCIrViAJwGsO5afPBLLjRhO5RClsoUo3J9q1psLs84s/edit?usp=sharing"
},
{
"tags": [
"broken-link",
"exploit"
],
"url": "https://drive.google.com/file/d/1zV9MSkfYLIrdtK3yczy1qbsJr_yN2fwH/view"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-27T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-27T19:30:59.000Z",
"value": "VulDB entry last update"
}
],
"title": "appneta tcpreplay get.c get_layer4_v6 heap-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3024",
"datePublished": "2024-03-28T02:00:05.886Z",
"dateReserved": "2024-03-27T18:24:51.309Z",
"dateUpdated": "2024-08-01T19:32:42.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2824 (GCVE-0-2024-2824)
Vulnerability from cvelistv5 – Published: 2024-03-22 18:00 – Updated: 2024-08-01 20:47- CWE-122 - Heap-based Buffer Overflow
| URL | Tags |
|---|---|
| https://vuldb.com/?id.257711 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.257711 | signaturepermissions-required |
| https://github.com/Matthias-Wandel/jhead/issues/84 | issue-tracking |
| https://github.com/Matthias-Wandel/jhead/files/14… | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| Matthias-Wandel | jhead |
Affected:
3.08
|
|
| jhead_project | jhead |
Affected:
3.08
cpe:2.3:a:jhead_project:jhead:3.08:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:25:42.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-257711 | Matthias-Wandel jhead exif.c PrintFormatNumber heap-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.257711"
},
{
"name": "VDB-257711 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.257711"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/Matthias-Wandel/jhead/issues/84"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/Matthias-Wandel/jhead/files/14613084/poc.zip"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jhead_project:jhead:3.08:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "jhead",
"vendor": "jhead_project",
"versions": [
{
"status": "affected",
"version": "3.08"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2824",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T20:46:02.059659Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T20:47:22.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "jhead",
"vendor": "Matthias-Wandel",
"versions": [
{
"status": "affected",
"version": "3.08"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "merci (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Matthias-Wandel jhead 3.08 and classified as critical. This issue affects the function PrintFormatNumber of the file exif.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257711."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in Matthias-Wandel jhead 3.08 gefunden. Es geht hierbei um die Funktion PrintFormatNumber der Datei exif.c. Durch die Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-22T18:00:08.695Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-257711 | Matthias-Wandel jhead exif.c PrintFormatNumber heap-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.257711"
},
{
"name": "VDB-257711 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.257711"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/Matthias-Wandel/jhead/issues/84"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Matthias-Wandel/jhead/files/14613084/poc.zip"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-22T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-22T11:45:37.000Z",
"value": "VulDB entry last update"
}
],
"title": "Matthias-Wandel jhead exif.c PrintFormatNumber heap-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-2824",
"datePublished": "2024-03-22T18:00:08.695Z",
"dateReserved": "2024-03-22T10:39:58.777Z",
"dateUpdated": "2024-08-01T20:47:22.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2212 (GCVE-0-2024-2212)
Vulnerability from cvelistv5 – Published: 2024-03-26 15:58 – Updated: 2025-02-13 17:33| Vendor | Product | Version | |
|---|---|---|---|
| Eclipse Foundation | ThreadX |
Affected:
0 , < 6.4.0
(semver)
|
|
| eclipse_foundation | threadx |
Affected:
0 , < 6.4.0
(semver)
cpe:2.3:a:eclipse_foundation:threadx:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:eclipse_foundation:threadx:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "threadx",
"vendor": "eclipse_foundation",
"versions": [
{
"lessThan": "6.4.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2212",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T18:19:47.657038Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T18:34:55.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:03:39.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-v9jj-7qjg-h6g6"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/35"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/05/28/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThreadX",
"repo": "https://github.com/eclipse-threadx/threadx/",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThan": "6.4.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Ivaldi"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eIn Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() \nfunctions from the FreeRTOS compatibility API \n(utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing \nparameter checks. This could lead to integer wraparound, \nunder-allocations and heap buffer overflows.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() \nfunctions from the FreeRTOS compatibility API \n(utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing \nparameter checks. This could lead to integer wraparound, \nunder-allocations and heap buffer overflows."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T17:13:00.990Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-v9jj-7qjg-h6g6"
},
{
"url": "http://seclists.org/fulldisclosure/2024/May/35"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/05/28/1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Integer wraparounds, under-allocations, and heap buffer overflows in Eclipse ThreadX xQueueCreate() and xQueueCreateSet()",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-2212",
"datePublished": "2024-03-26T15:58:27.486Z",
"dateReserved": "2024-03-06T08:05:57.446Z",
"dateUpdated": "2025-02-13T17:33:30.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2011 (GCVE-0-2024-2011)
Vulnerability from cvelistv5 – Published: 2024-06-11 13:24 – Updated: 2024-08-01 18:56- CWE-122 - Heap-based Buffer Overflow
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi Energy | FOXMAN-UN |
Affected:
FOXMAN-UN R16B PC2
(custom)
Unaffected: FOXMAN-UN R16B PC3 , ≤ FOXMAN-UN R16B PC4 (custom) Affected: FOXMAN-UN R15B PC4 (custom) Unaffected: FOXMAN-UN R16B PC5 (custom) Affected: FOXMAN-UN R16A Affected: FOXMAN-UN R15A |
|
| Hitachi Energy | UNEM |
Affected:
UNEM R16B PC2
(custom)
Unaffected: UNEM R16B PC3 , ≤ UNEM R16B PC4 (custom) Affected: UNEM R15B PC4 (custom) Unaffected: UNEM R16B PC5 (custom) Affected: UNEM R16A Affected: UNEM R15A |
|
| hitachi_energy | foxman-un |
Affected:
FOXMAN-UN R16B PC2
Unaffected: FOXMAN-UN R16B PC3 , ≤ FOXMAN-UN R16B PC4 (custom) Affected: FOXMAN-UN R15B PC4 Unaffected: FOXMAN-UN R16B PC5 Affected: FOXMAN-UN R16A Affected: FOXMAN-UN R15A cpe:2.3:a:hitachi_energy:foxman-un:*:*:*:*:*:*:*:* |
|
| hitachi_energy | unem |
Affected:
UNEM R16B PC2
Unaffected: UNEM R16B PC3 , ≤ UNEM R16B PC4 (custom) Affected: UNEM R15B PC4 Unaffected: UNEM R16B PC5 Affected: UNEM R16A Affected: UNEM R15A cpe:2.3:a:hitachi_energy:unem:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hitachi_energy:foxman-un:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "foxman-un",
"vendor": "hitachi_energy",
"versions": [
{
"status": "affected",
"version": "FOXMAN-UN R16B PC2"
},
{
"lessThanOrEqual": "FOXMAN-UN R16B PC4",
"status": "unaffected",
"version": "FOXMAN-UN R16B PC3",
"versionType": "custom"
},
{
"status": "affected",
"version": "FOXMAN-UN R15B PC4"
},
{
"status": "unaffected",
"version": "FOXMAN-UN R16B PC5"
},
{
"status": "affected",
"version": "FOXMAN-UN R16A"
},
{
"status": "affected",
"version": "FOXMAN-UN R15A"
}
]
},
{
"cpes": [
"cpe:2.3:a:hitachi_energy:unem:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "unem",
"vendor": "hitachi_energy",
"versions": [
{
"status": "affected",
"version": "UNEM R16B PC2"
},
{
"lessThanOrEqual": "UNEM R16B PC4",
"status": "unaffected",
"version": "UNEM R16B PC3",
"versionType": "custom"
},
{
"status": "affected",
"version": "UNEM R15B PC4"
},
{
"status": "unaffected",
"version": "UNEM R16B PC5"
},
{
"status": "affected",
"version": "UNEM R16A"
},
{
"status": "affected",
"version": "UNEM R15A"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2011",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-18T19:34:01.919299Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T19:57:39.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:56:22.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
},
{
"tags": [
"x_transferred"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194\u0026languageCode=en\u0026Preview=true"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FOXMAN-UN",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "FOXMAN-UN R16B PC2",
"versionType": "custom"
},
{
"lessThanOrEqual": "FOXMAN-UN R16B PC4",
"status": "unaffected",
"version": "FOXMAN-UN R16B PC3",
"versionType": "custom"
},
{
"status": "affected",
"version": "FOXMAN-UN R15B PC4",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FOXMAN-UN R16B PC5",
"versionType": "custom"
},
{
"status": "affected",
"version": "FOXMAN-UN R16A"
},
{
"status": "affected",
"version": "FOXMAN-UN R15A"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UNEM",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "UNEM R16B PC2",
"versionType": "custom"
},
{
"lessThanOrEqual": "UNEM R16B PC4",
"status": "unaffected",
"version": "UNEM R16B PC3",
"versionType": "custom"
},
{
"status": "affected",
"version": "UNEM R15B PC4",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "UNEM R16B PC5",
"versionType": "custom"
},
{
"status": "affected",
"version": "UNEM R16A"
},
{
"status": "affected",
"version": "UNEM R15A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that\nif exploited will generally lead to a denial of service but can be used \nto execute arbitrary code, which is usually outside the scope of a\nprogram\u0027s implicit security policy"
}
],
"value": "A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that\nif exploited will generally lead to a denial of service but can be used \nto execute arbitrary code, which is usually outside the scope of a\nprogram\u0027s implicit security policy"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T13:59:18.165Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
},
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194\u0026languageCode=en\u0026Preview=true"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2024-2011",
"datePublished": "2024-06-11T13:24:58.764Z",
"dateReserved": "2024-02-29T13:42:05.971Z",
"dateUpdated": "2024-08-01T18:56:22.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1848 (GCVE-0-2024-1848)
Vulnerability from cvelistv5 – Published: 2024-03-22 10:58 – Updated: 2024-09-02 08:10| Vendor | Product | Version | |
|---|---|---|---|
| Dassault Systèmes | SOLIDWORKS Desktop |
Affected:
Release SOLIDWORKS 2024 SP0 , ≤ Release SOLIDWORKS 2024 SP1
(custom)
|
|
| 3ds | 3dexperience_solidworks |
Affected:
2024 , ≤ 2024_sp1
(custom)
cpe:2.3:a:3ds:3dexperience_solidworks:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:56:22.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:3ds:3dexperience_solidworks:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "3dexperience_solidworks",
"vendor": "3ds",
"versions": [
{
"lessThanOrEqual": "2024_sp1",
"status": "affected",
"version": "2024",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1848",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-27T13:54:59.990290Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T22:52:08.960Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SOLIDWORKS Desktop",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Release SOLIDWORKS 2024 SP1",
"status": "affected",
"version": "Release SOLIDWORKS 2024 SP0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024.\u003cbr\u003eThese vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file."
}
],
"value": "Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024.\nThese vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908 Use of Uninitialized Resource",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457: Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-02T08:10:55.832Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Multiple vulnerabilities exist in file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2024-1848",
"datePublished": "2024-03-22T10:58:51.824Z",
"dateReserved": "2024-02-23T16:39:37.098Z",
"dateUpdated": "2024-09-02T08:10:55.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Pre-design: Use a language or compiler that performs automatic bounds checking.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation MIT-10
Strategy: Environment Hardening
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation MIT-11
Strategy: Environment Hardening
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
Mitigation
Implement and perform bounds checking on input.
Mitigation
Strategy: Libraries or Frameworks
Do not use dangerous functions such as gets. Look for their safe equivalent, which checks for the boundary.
Mitigation
Use OS-level preventative functionality. This is not a complete solution, but it provides some defense in depth.
CAPEC-92: Forced Integer Overflow
This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.