Lucene search

[email protected]NVD:CVE-2024-36761

HistoryJun 12, 2024 - 4:15 p.m.

CVE-2024-36761

2024-06-1216:15:11

CWE-787

[email protected]

web.nvd.nist.gov

naga v0.14.0

stack overflow

component wgsl parse

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

43.9%

JSON

naga v0.14.0 was discovered to contain a stack overflow via the component /wgsl/parse/mod.rs.

Affected configurations

Nvd

Node

gfx-rsnagaMatch0.14.0rust

VendorProductVersionCPE
gfx-rsnaga0.14.0cpe:2.3:a:gfx-rs:naga:0.14.0:*:*:*:*:rust:*:*

Vendor	Product	Version	CPE
gfx-rs	naga	0.14.0	cpe:2.3:a:gfx-rs:naga:0.14.0:::::rust::

References

github.com/gfx-rs/naga/issues/2591

github.com/MageWeiG/VulnerabilityCollection/blob/main/CVE-2024-36761/info.md

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

43.9%

JSON

Related for NVD:CVE-2024-36761

cvelist1 cve1 vulnrichment1