Lucene search

INCIBECVE-2024-1112

HistoryJan 31, 2024 - 2:15 p.m.

CVE-2024-1112

2024-01-3114:15:49

CWE-119

CWE-787

INCIBE

web.nvd.nist.gov

cve-2024-1112

resource hacker

angus johnson

vulnerability

buffer overflow

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

51.0%

JSON

Heap-based buffer overflow vulnerability in Resource Hacker, developed by Angus Johnson, affecting version 3.6.0.92. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument.

Affected configurations

Nvd

Vulners

Node

angusjresource_hackerMatch3.6.0.92

VendorProductVersionCPE
angusjresource_hacker3.6.0.92cpe:2.3:a:angusj:resource_hacker:3.6.0.92:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
angusj	resource_hacker	3.6.0.92	cpe:2.3:a:angusj:resource_hacker:3.6.0.92:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Resource Hacker",
    "vendor": "Angus Johnson",
    "versions": [
      {
        "status": "affected",
        "version": "3.6.0.92"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-resource-hacker

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

51.0%

JSON

Related for CVE-2024-1112