Lucene search

[email protected]CVE-2024-23985

HistoryJan 25, 2024 - 5:15 a.m.

CVE-2024-23985

2024-01-2505:15:08

[email protected]

web.nvd.nist.gov

cve

ezserver

6.4.017

dos

vulnerability

long string

rnto

nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

21.7%

JSON

EzServer 6.4.017 allows a denial of service (daemon crash) via a long string, such as one for the RNTO command.

Affected configurations

NVD

Node

ezhometechezserverMatch6.4.017

CPENameOperatorVersion
ezhometech:ezserverezhometech ezservereq6.4.017

CPE	Name	Operator	Version
ezhometech:ezserver	ezhometech ezserver	eq	6.4.017

References

packetstormsecurity.com/files/176663/EzServer-6.4.017-Denial-Of-Service.html

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

21.7%

JSON

Related for CVE-2024-23985

prion1 nvd1 cvelist1