Lucene search

GitHub_MCVELIST:CVE-2024-30249

HistoryApr 04, 2024 - 6:42 p.m.

CVE-2024-30249 Cloudburst Network DoS in RakNet connection handling

2024-04-0418:42:34

CWE-770

GitHub_M

www.cve.org

cloudburst network

dos

vulnerability

raknet

udp

denial of service

amplification

software

upgrade

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

8.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to 1.0.0.CR1-20240330.101522-15 impacts publicly accessible software depending on the affected versions of Network and allows an attacker to use Network as an amplification vector for a UDP denial of service attack against a third party or as an attempt to trigger service suspension of the host. All consumers of the library should upgrade to at least version 1.0.0.CR1-20240330.101522-15 to receive a fix. There are no known workarounds beyond updating the library.

CNA Affected

[
  {
    "vendor": "CloudburstMC",
    "product": "Network",
    "versions": [
      {
        "version": "< 1.0.0.CR1-20240330.101522-15",
        "status": "affected"
      }
    ]
  }
]

References

github.com/CloudburstMC/Network/security/advisories/GHSA-6h3m-c6fv-8hvh

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

8.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-30249