Lucene search

[email protected]NVD:CVE-2024-34953

HistoryMay 20, 2024 - 2:15 p.m.

CVE-2024-34953

2024-05-2014:15:09

CWE-400

[email protected]

web.nvd.nist.gov

nvd taurusxin ncmdump denial of service cve-2024-34953 crafted file

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

High

JSON

An issue in taurusxin ncmdump v1.3.2 allows attackers to cause a Denial of Service (DoS) via memory exhaustion by supplying a crafted .ncm file

References

github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_mmExhausted/dos_mmExhausted.assets/image-20240505161831080.png

github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_mmExhausted/dos_mmExhausted.md

github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_mmExhausted/poc/I7K9QM~F

github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_mmExhausted

github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_mmExhausted/poc

github.com/taurusxin/ncmdump/issues/19

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

High

JSON

Related for NVD:CVE-2024-34953

cve1 vulnrichment1 cvelist1