Common Weakness Enumeration
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Back to CWE stats page
CWE-391
Unchecked Error Condition
[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.
CVE-2023-32871 (GCVE-0-2023-32871)
Vulnerability from cvelistv5 – Published: 2024-05-06 02:51 – Updated: 2025-03-17 17:02
VLAI
Summary
In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID: ALPS08355514.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-391 - Unchecked Error Condition
Assigner
References
1 reference
Impacted products
60 products
| Vendor | Product | Version | |
|---|---|---|---|
| MediaTek, Inc. | MT2737, MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6893, MT6895, MT6897, MT6980, MT6983, MT6985, MT6989, MT6990, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8755, MT8765, MT8766, MT8768, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798 |
Affected:
Android 11.0, 12.0, 13.0, 14.0 / OpenWrt 19.07, 21.02 / Yocto 3.3, 4.0 / RDK-B 22Q3
|
|
| mediatek | mt6739 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:* |
|
| mediatek | mt6761 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:* |
|
| mediatek | mt6768 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:* |
|
| mediatek | mt6771 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:* |
|
| mediatek | mt6779 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:* |
|
| mediatek | mt6781 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:* |
|
| mediatek | mt6789 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:* |
|
| mediatek | mt6833 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:* |
|
| mediatek | mt6853 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:* |
|
| mediatek | mt6853t |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:* |
|
| mediatek | mt6855 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:* |
|
| mediatek | mt6873 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:* |
|
| mediatek | mt6879 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:* |
|
| mediatek | mt6880 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:* |
|
| mediatek | mt6883 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:* |
|
| mediatek | mt6885 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:* |
|
| mediatek | mt6889 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:* |
|
| mediatek | mt6890 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:* |
|
| mediatek | mt6893 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:* |
|
| mediatek | mt6895 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:* |
|
| mediatek | mt6980 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:* |
|
| mediatek | mt6983 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:* |
|
| mediatek | mt6985 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:* |
|
| mediatek | mt6990 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:* |
|
| mediatek | mt8167 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:* |
|
| mediatek | mt8167s |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:* |
|
| mediatek | mt8168 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:* |
|
| mediatek | mt8175 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:* |
|
| mediatek | mt8185 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:* |
|
| mediatek | mt8188 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:* |
|
| mediatek | mt8195 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:* |
|
| mediatek | mt8362a |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:* |
|
| mediatek | mt8365 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:* |
|
| mediatek | mt8385 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:* |
|
| mediatek | mt8390 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:* |
|
| mediatek | mt8395 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:* |
|
| mediatek | mt8755 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt8755:-:*:*:*:*:*:*:* |
|
| mediatek | mt8765 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:* |
|
| mediatek | mt8766 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:* |
|
| mediatek | mt8768 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:* |
|
| mediatek | mt8775 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:* |
|
| mediatek | mt8781 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:* |
|
| mediatek | mt8786 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:* |
|
| mediatek | mt8788 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:* |
|
| mediatek | mt8789 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:* |
|
| mediatek | mt8791 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:* |
|
| mediatek | mt8791t |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:* |
|
| mediatek | mt8797 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:* |
|
| mediatek | mt2737 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt2737:-:*:*:*:*:*:*:* |
|
| mediatek | mt6765 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:* |
|
| mediatek | mt6785 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:* |
|
| mediatek | mt6835 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:* |
|
| mediatek | mt6877 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:* |
|
| mediatek | mt6886 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:* |
|
| mediatek | mt6897 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:* |
|
| mediatek | mt6989 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:* |
|
| mediatek | mt8173 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:* |
|
| mediatek | mt8321 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:* |
|
| mediatek | mt8798 |
Affected:
android_11.0 , ≤ android_14.0
(custom)
cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6739",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6761",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6768",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6771",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6779",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6781",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6789",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6833",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6853",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6853t",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6855",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6873",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6879",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6880",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6883",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6885",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6889",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6890",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6893",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6895",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6980",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6983",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6985",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6990",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8167",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8167s",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8168",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8175",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8185",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8188",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8195",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8362a",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8365",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8385",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8390",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8395",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8755:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8755",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8765",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8766",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8768",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8775",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8781",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8786",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8788",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8789",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8791",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8791t",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8797",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt2737:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt2737",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6765",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6785",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6835",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6877",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6886",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6897",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6989",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8173",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8321",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8798",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "android_14.0",
"status": "affected",
"version": "android_11.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-32871",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-07T04:00:28.814395Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T17:02:28.221Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:32:46.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/May-2024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MT2737, MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6893, MT6895, MT6897, MT6980, MT6983, MT6985, MT6989, MT6990, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8755, MT8765, MT8766, MT8768, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 11.0, 12.0, 13.0, 14.0 / OpenWrt 19.07, 21.02 / Yocto 3.3, 4.0 / RDK-B 22Q3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID: ALPS08355514."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-391",
"description": "CWE-391 Unchecked Error Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-06T02:51:52.075Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/May-2024"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-32871",
"datePublished": "2024-05-06T02:51:52.075Z",
"dateReserved": "2023-05-16T03:04:32.164Z",
"dateUpdated": "2025-03-17T17:02:28.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23326 (GCVE-0-2024-23326)
Vulnerability from cvelistv5 – Published: 2024-06-04 20:05 – Updated: 2024-08-01 22:59
VLAI
Title
Envoy incorrectly accepts HTTP 200 response for entering upgrade mode
Summary
Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230#section-6.7 a server sends 101 when switching protocols. Envoy incorrectly accepts a 200 response from a server when requesting a protocol upgrade, but 200 does not indicate protocol switch. This opens up the possibility of request smuggling through Envoy if the server can be tricked into adding the upgrade header to the response.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-391 - Unchecked Error Condition
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/envoyproxy/envoy/security/advi… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy |
Affected:
>= 1.13.0, <= 1.30.1
Affected: >= 1.29.0, <= 1.29.4 Affected: >= 1.28.0, <= 1.28.3 Affected: <= 1.27.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23326",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T12:32:08.718611Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T15:53:07.177Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vcf8-7238-v74c",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vcf8-7238-v74c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.13.0, \u003c= 1.30.1"
},
{
"status": "affected",
"version": "\u003e= 1.29.0, \u003c= 1.29.4"
},
{
"status": "affected",
"version": "\u003e= 1.28.0, \u003c= 1.28.3"
},
{
"status": "affected",
"version": "\u003c= 1.27.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230#section-6.7 a server sends 101 when switching protocols. Envoy incorrectly accepts a 200 response from a server when requesting a protocol upgrade, but 200 does not indicate protocol switch. This opens up the possibility of request smuggling through Envoy if the server can be tricked into adding the upgrade header to the response.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-391",
"description": "CWE-391: Unchecked Error Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T20:05:48.230Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vcf8-7238-v74c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vcf8-7238-v74c"
}
],
"source": {
"advisory": "GHSA-vcf8-7238-v74c",
"discovery": "UNKNOWN"
},
"title": "Envoy incorrectly accepts HTTP 200 response for entering upgrade mode"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-23326",
"datePublished": "2024-06-04T20:05:48.230Z",
"dateReserved": "2024-01-15T15:19:19.441Z",
"dateUpdated": "2024-08-01T22:59:32.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52316 (GCVE-0-2024-52316)
Vulnerability from cvelistv5 – Published: 2024-11-18 11:32 – Updated: 2025-11-04 15:59
VLAI
Title
Apache Tomcat: Authentication bypass when using Jakarta Authentication API
Summary
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95.
The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.0 though 8.5.100. Other EOL versions may also be affected.
Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-391 - Unchecked Error Condition
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Tomcat |
Affected:
11.0.0-M1 , ≤ 11.0.0-M26
(semver)
Affected: 10.1.0-M1 , ≤ 10.1.30 (semver) Affected: 9.0.0-M1 , ≤ 9.0.95 (semver) Affected: 8.5.0 , ≤ 8.5.100 (semver) Unknown: 10.0.0-M1 , ≤ 10.0.27 (semver) |
|
| apache | tomcat |
Affected:
9.0.0-M1 , ≤ 9.0.95
(semver)
Affected: 10.1.0-M1 , ≤ 10.1.30 (semver) Affected: 11.0.0-M1 , ≤ 11.0.0-M26 (semver) cpe:2.3:a:apache:tomcat:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:tomcat:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tomcat",
"vendor": "apache",
"versions": [
{
"lessThanOrEqual": "9.0.95",
"status": "affected",
"version": "9.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.30",
"status": "affected",
"version": "10.1.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.0.0-M26",
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52316",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-18T14:50:59.890424Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T15:59:51.152Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:45:28.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/11/18/2"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250124-0003/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "11.0.0-M26",
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.30",
"status": "affected",
"version": "10.1.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.95",
"status": "affected",
"version": "9.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.100",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.0.27",
"status": "unknown",
"version": "10.0.0-M1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUnchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC)\u0026nbsp;ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta\u0026nbsp;Authentication components that behave in this way.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95.\u003c/p\u003e\u003cp\u003eThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100.\u0026nbsp;Other EOL versions may also be affected.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue.\u003c/p\u003e"
}
],
"value": "Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC)\u00a0ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta\u00a0Authentication components that behave in this way.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100.\u00a0Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-391",
"description": "CWE-391 Unchecked Error Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T11:51:23.610Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/lopzlqh91jj9n334g02om08sbysdb928"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Apache Tomcat: Authentication bypass when using Jakarta Authentication API",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-52316",
"datePublished": "2024-11-18T11:32:22.072Z",
"dateReserved": "2024-11-07T07:41:56.639Z",
"dateUpdated": "2025-11-04T15:59:51.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71325 (GCVE-0-2025-71325)
Vulnerability from cvelistv5 – Published: 2026-06-17 15:05 – Updated: 2026-06-17 17:28
VLAI
Title
picklescan - Detection Bypass via STACK_GLOBAL Opcode Parsing Logic Flaw
Summary
picklescan before 0.0.27 contains a parsing logic error in the _list_globals function when handling STACK_GLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigger unexpected exceptions and evade security scanning.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-391 - Unchecked Error Condition
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/mmaitre314/picklescan/security… | vendor-advisory |
| https://github.com/mmaitre314/picklescan/commit/2… | patch |
| https://www.vulncheck.com/advisories/picklescan-d… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| picklescan | picklescan |
Affected:
0 , < 0.0.27
(semver)
Unaffected: 0.0.27 (semver) |
Date Public
2025-08-10 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-71325",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T17:27:40.928251Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T17:28:10.471Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-9gvj-pp9x-gcfr"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:pypi/picklescan",
"product": "picklescan",
"vendor": "picklescan",
"versions": [
{
"lessThan": "0.0.27",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "0.0.27",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.0.27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Lyutoon"
}
],
"datePublic": "2025-08-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "picklescan before 0.0.27 contains a parsing logic error in the _list_globals function when handling STACK_GLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigger unexpected exceptions and evade security scanning."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-391",
"description": "Unchecked Error Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T15:05:00.840Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GHSA Advisory GHSA-9gvj-pp9x-gcfr",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-9gvj-pp9x-gcfr"
},
{
"name": "https://github.com/mmaitre314/picklescan/commit/2a8383cfeb4158567f9770d86597300c9e508d0f",
"tags": [
"patch"
],
"url": "https://github.com/mmaitre314/picklescan/commit/2a8383cfeb4158567f9770d86597300c9e508d0f"
},
{
"name": "VulnCheck Advisory: picklescan - Detection Bypass via STACK_GLOBAL Opcode Parsing Logic Flaw",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/picklescan-detection-bypass-via-stack-global-opcode-parsing-logic-flaw"
}
],
"title": "picklescan - Detection Bypass via STACK_GLOBAL Opcode Parsing Logic Flaw",
"x_generator": {
"engine": "vulncheck-endgame"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-71325",
"datePublished": "2026-06-17T15:05:00.840Z",
"dateReserved": "2026-06-08T20:44:31.209Z",
"dateUpdated": "2026-06-17T17:28:10.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Requirements
Description:
- The choice between a language which has named or unnamed exceptions needs to be done. While unnamed exceptions exacerbate the chance of not properly dealing with an exception, named exceptions suffer from the up call version of the weak base class problem.
Mitigation
Phase: Requirements
Description:
- A language can be used which requires, at compile time, to catch all serious exceptions. However, one must make sure to use the most current version of the API as new exceptions could be added.
Mitigation
Phase: Implementation
Description:
- Catch all relevant exceptions. This is the recommended solution. Ensure that all exceptions are handled in such a way that you can be sure of the state of your system at any given moment.
No CAPEC attack patterns related to this CWE.