CWE-248
Uncaught Exception
An exception is thrown from a function, but it is not caught.
CVE-2024-3051 (GCVE-0-2024-3051)
Vulnerability from cvelistv5 – Published: 2024-04-26 21:26 – Updated: 2024-09-27 16:09
VLAI
Title
Z/IP Gateway Device Reset Locally Denial of Service Vulnerability
Summary
Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent by the end device will not be acknowledged by the gateway during this time.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://community.silabs.com/068Vm0000045w2j | permissions-required |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| silabs.com | Z/IP Gateway SDK |
Affected:
0 , ≤ 7.18.03
(semver)
|
|
| silabs | z\/ip_gateway_sdk |
Affected:
-
cpe:2.3:a:silabs:z\/ip_gateway_sdk:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:silabs:z\\/ip_gateway_sdk:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "z\\/ip_gateway_sdk",
"vendor": "silabs",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3051",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-29T16:34:09.684748Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:31:05.004Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"permissions-required",
"x_transferred"
],
"url": "https://community.silabs.com/068Vm0000045w2j"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "Gecko SDK",
"product": "Z/IP Gateway SDK",
"repo": "https://github.com/SiliconLabs/gecko_sdk/releases",
"vendor": "silabs.com",
"versions": [
{
"lessThanOrEqual": "7.18.03",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent by the end device will not be acknowledged by the gateway during this time.\u0026nbsp;"
}
],
"value": "Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent by the end device will not be acknowledged by the gateway during this time."
}
],
"impacts": [
{
"capecId": "CAPEC-601",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-601 Jamming"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248 Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-419",
"description": "CWE-419 Unprotected Primary Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T16:09:38.663Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"permissions-required"
],
"url": "https://community.silabs.com/068Vm0000045w2j"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Z/IP Gateway Device Reset Locally Denial of Service Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2024-3051",
"datePublished": "2024-04-26T21:26:38.377Z",
"dateReserved": "2024-03-28T19:04:58.593Z",
"dateUpdated": "2024-09-27T16:09:38.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3052 (GCVE-0-2024-3052)
Vulnerability from cvelistv5 – Published: 2024-04-26 21:27 – Updated: 2025-08-27 21:23
VLAI
Title
Z/IP Gateway S2 Nonce Get Denial of Service Vulnerability
Summary
Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the gateway.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://community.silabs.com/068Vm0000045w2j | permissions-required |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| silabs.com | Z/IP Gateway SDK |
Affected:
0 , < 7.14.00
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-3052",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T21:24:21.239587Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T21:23:01.372Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"permissions-required",
"x_transferred"
],
"url": "https://community.silabs.com/068Vm0000045w2j"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Z/IP Gateway SDK",
"product": "Z/IP Gateway SDK",
"repo": "https://github.com/SiliconLabs/gecko_sdk/releases",
"vendor": "silabs.com",
"versions": [
{
"lessThan": "7.14.00",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMalformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the gateway.\u003c/span\u003e"
}
],
"value": "Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the gateway."
}
],
"impacts": [
{
"capecId": "CAPEC-601",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-601 Jamming"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248 Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T16:13:04.990Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"permissions-required"
],
"url": "https://community.silabs.com/068Vm0000045w2j"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Z/IP Gateway S2 Nonce Get Denial of Service Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2024-3052",
"datePublished": "2024-04-26T21:27:16.422Z",
"dateReserved": "2024-03-28T19:05:04.219Z",
"dateUpdated": "2025-08-27T21:23:01.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31217 (GCVE-0-2024-31217)
Vulnerability from cvelistv5 – Published: 2024-06-12 14:50 – Updated: 2024-08-02 01:46
VLAI
Title
@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling
Summary
Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in contrast, stops the server execution, making it unavailable for any clients until it's manually restarted. Any user with access to the file upload functionality is able to exploit this vulnerability, affecting applications running in both development mode and production mode as well. Users should upgrade @strapi/plugin-upload to version 4.22.0 to receive a patch.
Severity
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/strapi/strapi/security/advisor… | x_refsource_CONFIRM |
| https://github.com/strapi/strapi/commit/a0da7e73e… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:strapi:strapi:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "strapi",
"vendor": "strapi",
"versions": [
{
"lessThan": "4.22.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31217",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T15:53:55.205861Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T15:55:51.664Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:46:04.759Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/strapi/strapi/security/advisories/GHSA-pm9q-xj9p-96pm",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/strapi/strapi/security/advisories/GHSA-pm9q-xj9p-96pm"
},
{
"name": "https://github.com/strapi/strapi/commit/a0da7e73e1496d835fe71a2febb14f70170135c7",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/strapi/strapi/commit/a0da7e73e1496d835fe71a2febb14f70170135c7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "strapi",
"vendor": "strapi",
"versions": [
{
"status": "affected",
"version": "\u003c 4.22.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in contrast, stops the server execution, making it unavailable for any clients until it\u0027s manually restarted. Any user with access to the file upload functionality is able to exploit this vulnerability, affecting applications running in both development mode and production mode as well. Users should upgrade @strapi/plugin-upload to version 4.22.0 to receive a patch.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T14:50:37.999Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/strapi/strapi/security/advisories/GHSA-pm9q-xj9p-96pm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/strapi/strapi/security/advisories/GHSA-pm9q-xj9p-96pm"
},
{
"name": "https://github.com/strapi/strapi/commit/a0da7e73e1496d835fe71a2febb14f70170135c7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/strapi/strapi/commit/a0da7e73e1496d835fe71a2febb14f70170135c7"
}
],
"source": {
"advisory": "GHSA-pm9q-xj9p-96pm",
"discovery": "UNKNOWN"
},
"title": "@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-31217",
"datePublished": "2024-06-12T14:50:37.999Z",
"dateReserved": "2024-03-29T14:16:31.901Z",
"dateUpdated": "2024-08-02T01:46:04.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31904 (GCVE-0-2024-31904)
Vulnerability from cvelistv5 – Published: 2024-05-22 18:34 – Updated: 2024-08-02 01:59
VLAI
Title
IBM App Connect Enterprise denial of service
Summary
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 integration nodes could allow an authenticated user to cause a denial of service due to an uncaught exception. IBM X-Force ID: 289647.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7154607 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | App Connect Enterprise |
Affected:
11.0.0.1 , ≤ 11.0.0.25
(semver)
Affected: 12.0.1.0 , ≤ 12.0.12.0 (semver) cpe:2.3:a:ibm:app_connect_enterprise:11.0.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise:11.0.0.25:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31904",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T15:48:27.874415Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:36:06.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:59:50.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7154607"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/289647"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:app_connect_enterprise:11.0.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise:11.0.0.25:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "App Connect Enterprise",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.0.0.25",
"status": "affected",
"version": "11.0.0.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.0.12.0",
"status": "affected",
"version": "12.0.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 integration nodes could allow an authenticated user to cause a denial of service due to an uncaught exception. IBM X-Force ID: 289647."
}
],
"value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 integration nodes could allow an authenticated user to cause a denial of service due to an uncaught exception. IBM X-Force ID: 289647."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248 Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-22T18:34:39.881Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7154607"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/289647"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM App Connect Enterprise denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-31904",
"datePublished": "2024-05-22T18:34:39.881Z",
"dateReserved": "2024-04-07T12:45:07.197Z",
"dateUpdated": "2024-08-02T01:59:50.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32995 (GCVE-0-2024-32995)
Vulnerability from cvelistv5 – Published: 2024-05-11 10:00 – Updated: 2024-08-02 02:27
VLAI
Summary
Denial of service (DoS) vulnerability in the AMS module
Impact: Successful exploitation of this vulnerability will affect availability.
Severity
6.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32995",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-11T16:49:22.118972Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:52:08.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:27:53.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://consumer.huawei.com/en/support/bulletin/2024/5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202405-0000001902628049"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "14.0.0"
},
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "12.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Denial of service (DoS) vulnerability in the AMS module\u003cbr\u003eImpact: Successful exploitation of this vulnerability will affect availability."
}
],
"value": "Denial of service (DoS) vulnerability in the AMS module\nImpact: Successful exploitation of this vulnerability will affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248 Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-11T10:00:18.321Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2024/5/"
},
{
"url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202405-0000001902628049"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2024-32995",
"datePublished": "2024-05-11T10:00:18.321Z",
"dateReserved": "2024-04-23T03:44:12.573Z",
"dateUpdated": "2024-08-02T02:27:53.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33848 (GCVE-0-2024-33848)
Vulnerability from cvelistv5 – Published: 2024-09-16 16:38 – Updated: 2024-09-16 17:43
VLAI
Summary
Uncaught exception in Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable denial of service via local access.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- denial of service
- CWE-248 - Uncaught exception
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Intel(R) RAID Web Console software |
Affected:
See references
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33848",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T17:33:13.658611Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T17:43:38.355Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) RAID Web Console software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncaught exception in Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-248",
"description": "Uncaught exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T16:38:37.034Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-33848",
"datePublished": "2024-09-16T16:38:37.034Z",
"dateReserved": "2024-05-24T03:00:03.670Z",
"dateUpdated": "2024-09-16T17:43:38.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34363 (GCVE-0-2024-34363)
Vulnerability from cvelistv5 – Published: 2024-06-04 20:59 – Updated: 2024-08-02 02:51
VLAI
Title
Envoy can crash due to uncaught nlohmann JSON exception
Summary
Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to crash.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/envoyproxy/envoy/security/advi… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy |
Affected:
>= 1.30.0, <= 11.30.1
Affected: >= 1.29.0, <= 1.29.4 Affected: >= 1.28.0, <= 1.28.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34363",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T17:23:29.795163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T17:23:47.147Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:51:11.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-g979-ph9j-5gg4",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-g979-ph9j-5gg4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.30.0, \u003c= 11.30.1"
},
{
"status": "affected",
"version": "\u003e= 1.29.0, \u003c= 1.29.4"
},
{
"status": "affected",
"version": "\u003e= 1.28.0, \u003c= 1.28.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T20:59:52.773Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-g979-ph9j-5gg4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-g979-ph9j-5gg4"
}
],
"source": {
"advisory": "GHSA-g979-ph9j-5gg4",
"discovery": "UNKNOWN"
},
"title": "Envoy can crash due to uncaught nlohmann JSON exception"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-34363",
"datePublished": "2024-06-04T20:59:52.773Z",
"dateReserved": "2024-05-02T06:36:32.439Z",
"dateUpdated": "2024-08-02T02:51:11.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38525 (GCVE-0-2024-38525)
Vulnerability from cvelistv5 – Published: 2024-06-28 21:10 – Updated: 2024-08-02 04:12
VLAI
Title
dd-trace-cpp malformed unicode header values may cause crash
Summary
dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the `nlohmann` JSON library. However, due to the way the JSON library is invoked, it throws an uncaught exception, which results in a crash. This vulnerability has been patched in version 0.2.2.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/DataDog/dd-trace-cpp/security/… | x_refsource_CONFIRM |
| https://github.com/DataDog/dd-trace-cpp/releases/… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| DataDog | dd-trace-cpp |
Affected:
>= 0.1.12, < 0.2.2
|
|
| datadoghq | dd-trace-cpp |
Affected:
0 , < 0.1.13
(custom)
Affected: 0 , < 0.2.2 (custom) cpe:2.3:a:datadoghq:dd-trace-cpp:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:datadoghq:dd-trace-cpp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dd-trace-cpp",
"vendor": "datadoghq",
"versions": [
{
"lessThan": "0.1.13",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "0.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38525",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T15:43:21.179262Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T15:54:07.148Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/DataDog/dd-trace-cpp/security/advisories/GHSA-rf3p-mg22-qv6w",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/DataDog/dd-trace-cpp/security/advisories/GHSA-rf3p-mg22-qv6w"
},
{
"name": "https://github.com/DataDog/dd-trace-cpp/releases/tag/v0.2.2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/DataDog/dd-trace-cpp/releases/tag/v0.2.2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dd-trace-cpp",
"vendor": "DataDog",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.1.12, \u003c 0.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the `nlohmann` JSON library. However, due to the way the JSON library is invoked, it throws an uncaught exception, which results in a crash. This vulnerability has been patched in version 0.2.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T21:10:57.138Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/DataDog/dd-trace-cpp/security/advisories/GHSA-rf3p-mg22-qv6w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/DataDog/dd-trace-cpp/security/advisories/GHSA-rf3p-mg22-qv6w"
},
{
"name": "https://github.com/DataDog/dd-trace-cpp/releases/tag/v0.2.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/DataDog/dd-trace-cpp/releases/tag/v0.2.2"
}
],
"source": {
"advisory": "GHSA-rf3p-mg22-qv6w",
"discovery": "UNKNOWN"
},
"title": "dd-trace-cpp malformed unicode header values may cause crash"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-38525",
"datePublished": "2024-06-28T21:10:57.138Z",
"dateReserved": "2024-06-18T16:37:02.728Z",
"dateUpdated": "2024-08-02T04:12:25.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42037 (GCVE-0-2024-42037)
Vulnerability from cvelistv5 – Published: 2024-08-08 09:30 – Updated: 2024-08-09 18:03
VLAI
Summary
Vulnerability of uncaught exceptions in the Graphics module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity
9.3 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Huawei | HarmonyOS |
Affected:
4.2.0
Affected: 4.0.0 Affected: 3.1.0 Affected: 3.0.0 Affected: 2.1.0 Affected: 2.0.0 |
|
| Huawei | EMUI |
Affected:
14.0.0
Affected: 13.0.0 Affected: 12.0.0 |
|
| huawei | harmonyos |
Affected:
4.2.0
Affected: 4.0.0 Affected: 3.1.0 Affected: 3.0.0 Affected: 2.1.0 Affected: 2.0.0 cpe:2.3:o:huawei:harmonyos:*:*:*:*:*:*:*:* |
|
| huawei | emui |
Affected:
14.0.0
Affected: 13.0.0 Affected: 12.0.0 cpe:2.3:o:huawei:emui:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:huawei:harmonyos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "harmonyos",
"vendor": "huawei",
"versions": [
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.0.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:huawei:emui:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emui",
"vendor": "huawei",
"versions": [
{
"status": "affected",
"version": "14.0.0"
},
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "12.0.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42037",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T18:01:36.363093Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T18:03:49.921Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "14.0.0"
},
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "12.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerability of uncaught exceptions in the Graphics module\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"value": "Vulnerability of uncaught exceptions in the Graphics module\nImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248 Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T09:30:18.428Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://https://consumer.huawei.com/en/support/bulletin/2024/8/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2024-42037",
"datePublished": "2024-08-08T09:30:18.428Z",
"dateReserved": "2024-07-27T06:52:58.401Z",
"dateUpdated": "2024-08-09T18:03:49.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43357 (GCVE-0-2024-43357)
Vulnerability from cvelistv5 – Published: 2024-08-15 18:36 – Updated: 2024-08-15 19:10
VLAI
Title
JavaScript specification issue may lead to type confusion and pointer dereference in implementations
Summary
ECMA-262 is the language specification for the scripting language ECMAScript. A problem in the ECMAScript (JavaScript) specification of async generators, introduced by a May 2021 spec refactor, may lead to mis-implementation in a way that could present as a security vulnerability, such as type confusion and pointer dereference.
The internal async generator machinery calls regular promise resolver functions on IteratorResult (`{ done, value }`) objects that it creates, assuming that the IteratorResult objects will not be then-ables. Unfortunately, these IteratorResult objects inherit from `Object.prototype`, so these IteratorResult objects can be made then-able, triggering arbitrary behaviour, including re-entering the async generator machinery in a way that violates some internal invariants.
The ECMAScript specification is a living standard and the issue has been addressed at the time of this advisory's public disclosure. JavaScript engine implementors should refer to the latest specification and update their implementations to comply with the `AsyncGenerator` section.
## References
- https://github.com/tc39/ecma262/commit/1e24a286d0a327d08e1154926b3ee79820232727
- https://bugzilla.mozilla.org/show_bug.cgi?id=1901411
- https://github.com/boa-dev/boa/security/advisories/GHSA-f67q-wr6w-23jq
- https://bugs.webkit.org/show_bug.cgi?id=275407
- https://issues.chromium.org/issues/346692561
- https://www.cve.org/CVERecord?id=CVE-2024-7652
Severity
8.6 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://github.com/tc39/ecma262/security/advisori… | x_refsource_CONFIRM |
| https://github.com/boa-dev/boa/security/advisorie… | x_refsource_MISC |
| https://github.com/tc39/ecma262/pull/2413 | x_refsource_MISC |
| https://github.com/tc39/ecma262/commit/1e24a286d0… | x_refsource_MISC |
| https://github.com/tc39/ecma262/commit/4cb5a6980e… | x_refsource_MISC |
| https://bugs.webkit.org/show_bug.cgi?id=275407 | x_refsource_MISC |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1901411 | x_refsource_MISC |
| https://issues.chromium.org/issues/346692561 | x_refsource_MISC |
| https://tc39.es/ecma262/#sec-asyncgenerator-objects | x_refsource_MISC |
| https://www.cve.org/CVERecord?id=CVE-2024-7652 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| tc39 | ecma262 |
Affected:
>= 2022, < 2025
|
|
| ecma_international | ecma262 |
Affected:
2022 , < 2025
(custom)
cpe:2.3:a:ecma_international:ecma262:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ecma_international:ecma262:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ecma262",
"vendor": "ecma_international",
"versions": [
{
"lessThan": "2025",
"status": "affected",
"version": "2022",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43357",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T18:59:18.834850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T19:10:00.235Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ecma262",
"vendor": "tc39",
"versions": [
{
"status": "affected",
"version": "\u003e= 2022, \u003c 2025"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ECMA-262 is the language specification for the scripting language ECMAScript. A problem in the ECMAScript (JavaScript) specification of async generators, introduced by a May 2021 spec refactor, may lead to mis-implementation in a way that could present as a security vulnerability, such as type confusion and pointer dereference.\n\nThe internal async generator machinery calls regular promise resolver functions on IteratorResult (`{ done, value }`) objects that it creates, assuming that the IteratorResult objects will not be then-ables. Unfortunately, these IteratorResult objects inherit from `Object.prototype`, so these IteratorResult objects can be made then-able, triggering arbitrary behaviour, including re-entering the async generator machinery in a way that violates some internal invariants.\n\nThe ECMAScript specification is a living standard and the issue has been addressed at the time of this advisory\u0027s public disclosure. JavaScript engine implementors should refer to the latest specification and update their implementations to comply with the `AsyncGenerator` section.\n\n## References\n\n- https://github.com/tc39/ecma262/commit/1e24a286d0a327d08e1154926b3ee79820232727\n- https://bugzilla.mozilla.org/show_bug.cgi?id=1901411\n- https://github.com/boa-dev/boa/security/advisories/GHSA-f67q-wr6w-23jq\n- https://bugs.webkit.org/show_bug.cgi?id=275407\n- https://issues.chromium.org/issues/346692561\n- https://www.cve.org/CVERecord?id=CVE-2024-7652"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T18:36:49.012Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tc39/ecma262/security/advisories/GHSA-g38c-wh3c-5h9r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tc39/ecma262/security/advisories/GHSA-g38c-wh3c-5h9r"
},
{
"name": "https://github.com/boa-dev/boa/security/advisories/GHSA-f67q-wr6w-23jq",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/boa-dev/boa/security/advisories/GHSA-f67q-wr6w-23jq"
},
{
"name": "https://github.com/tc39/ecma262/pull/2413",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tc39/ecma262/pull/2413"
},
{
"name": "https://github.com/tc39/ecma262/commit/1e24a286d0a327d08e1154926b3ee79820232727",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tc39/ecma262/commit/1e24a286d0a327d08e1154926b3ee79820232727"
},
{
"name": "https://github.com/tc39/ecma262/commit/4cb5a6980e20be76c648f113c4cc762342172df3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tc39/ecma262/commit/4cb5a6980e20be76c648f113c4cc762342172df3"
},
{
"name": "https://bugs.webkit.org/show_bug.cgi?id=275407",
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.webkit.org/show_bug.cgi?id=275407"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1901411",
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1901411"
},
{
"name": "https://issues.chromium.org/issues/346692561",
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.chromium.org/issues/346692561"
},
{
"name": "https://tc39.es/ecma262/#sec-asyncgenerator-objects",
"tags": [
"x_refsource_MISC"
],
"url": "https://tc39.es/ecma262/#sec-asyncgenerator-objects"
},
{
"name": "https://www.cve.org/CVERecord?id=CVE-2024-7652",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7652"
}
],
"source": {
"advisory": "GHSA-g38c-wh3c-5h9r",
"discovery": "UNKNOWN"
},
"title": "JavaScript specification issue may lead to type confusion and pointer dereference in implementations"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-43357",
"datePublished": "2024-08-15T18:36:49.012Z",
"dateReserved": "2024-08-09T14:23:55.511Z",
"dateUpdated": "2024-08-15T19:10:00.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.