Lucene search

[email protected]NVD:CVE-2023-40711

HistoryAug 20, 2023 - 1:15 a.m.

CVE-2023-40711

2023-08-2001:15:08

CWE-787

[email protected]

web.nvd.nist.gov

veilid vulnerability

denial of service

august 2023 exploit

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

34.8%

JSON

Veilid before 0.1.9 does not check the size of uncompressed data during decompression upon an envelope receipt, which allows remote attackers to cause a denial of service (out-of-memory abort) via crafted packet data, as exploited in the wild in August 2023.

Affected configurations

NVD

Node

veilidveilidRange<0.1.9

References

gitlab.com/veilid/veilid/-/blob/main/CHANGELOG.md

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

34.8%

JSON

Related for NVD:CVE-2023-40711

cve1 osv1 prion1 cvelist1