Lucene search

GoogleOSV:CVE-2024-33901

HistoryMay 20, 2024 - 9:15 p.m.

CVE-2024-33901

2024-05-2021:15:00

Google

osv.dev

keepassxc

2.7.7

database security

memory dump

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.5

Confidence

High

JSON

DISPUTED Issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover some passwords stored in the .kdbx database via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.

References

gist.github.com/Fastor01/30c6d89c842feb1865ec2cd2d3806838

keepassxc.org/blog/

ubuntu.com/security/CVE-2024-33901

www.cve.org/CVERecord?id=CVE-2024-33901

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.5

Confidence

High

JSON

Related for OSV:CVE-2024-33901