Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2024-43380
HistoryAug 19, 2024 - 12:00 a.m.

CVE-2024-43380

2024-08-1900:00:00
ubuntu.com
ubuntu.com
1
floraison group
fugit
arbitrary input
prolonged thread hold
cve-2024-43380

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

Low

JSON

fugit contains time tools for flor and the floraison group. The fugit
“natural” parser, that turns “every wednesday at 5pm” into “0 17 * * 3”,
accepted any length of input and went on attempting to parse it, not
returning promptly, as expected. The parse call could hold the thread with
no end in sight. Fugit dependents that do not check (user) input length for
plausibility are impacted. A fix was released in fugit 1.11.1.

References

Related

ibm 1
osv 3
wolfi 1
debiancve 1
vulnrichment 1
veracode 1
github 1
cve 1
cvelist 1
redhatcve 1
nvd 1
rubygems 1
ibm
ibm
Security Bulletin: A vulnerability in fugit gem affects IBM License Metric Tool (CVE-2024-43380).
2024-09-17 08:55:40
osv
osv
fugit parse and parse_nat stall on lengthy input
2024-08-19 17:29:36
CVE-2024-43380
2024-08-19 15:15:08
CGA-jq79-r8v3-w5hp
2024-09-05 21:05:06
wolfi
wolfi
CVE-2024-43380 vulnerabilities
2024-09-19 21:18:36
debiancve
debiancve
CVE-2024-43380
2024-08-19 15:15:08
vulnrichment
vulnrichment
CVE-2024-43380 fugit parse and parse_nat stall on lengthy input
2024-08-19 14:37:39
veracode
veracode
Denial Of Service (DoS)
2024-08-20 06:58:27
github
github
fugit parse and parse_nat stall on lengthy input
2024-08-19 17:29:36
cve
cve
CVE-2024-43380
2024-08-19 15:15:08
cvelist
cvelist
CVE-2024-43380 fugit parse and parse_nat stall on lengthy input
2024-08-19 14:37:39
redhatcve
redhatcve
CVE-2024-43380
2024-08-19 21:39:50
nvd
nvd
CVE-2024-43380
2024-08-19 15:15:08
rubygems
rubygems
fugit parse and parse_nat stall on lengthy input
2024-08-18 21:00:00

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

Low

JSON
Related for UB:CVE-2024-43380
ibm1osv3wolfi1debiancve1vulnrichment1veracode1github1cve1cvelist1redhatcve1nvd1rubygems1