Lucene search

MitreCVE-2024-34953

HistoryMay 20, 2024 - 2:15 p.m.

CVE-2024-34953

2024-05-2014:15:09

CWE-400

mitre

web.nvd.nist.gov

taurusxin

ncmdump

dos

memory exhaustion

crafted file

nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

JSON

An issue in taurusxin ncmdump v1.3.2 allows attackers to cause a Denial of Service (DoS) via memory exhaustion by supplying a crafted .ncm file

References

github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_mmExhausted/dos_mmExhausted.assets/image-20240505161831080.png

github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_mmExhausted/dos_mmExhausted.md

github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_mmExhausted/poc/I7K9QM~F

github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_mmExhausted

github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_mmExhausted/poc

github.com/taurusxin/ncmdump/issues/19

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

JSON

Related for CVE-2024-34953