Lucene search

Veracode Vulnerability DatabaseVERACODE:38703

HistoryJan 02, 2023 - 9:47 a.m.

Denial Of Service (DOS)

2023-01-0209:47:41

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

github

vulnerability

zip file

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

52.1%

JSON

github.com/sajari/docconv is vulnerable to Denial Of Service (DOS). The vulnerability exists in multiple functions because manipulation with an unknown input leads to a memory allocation when reading files from a ZIP archive.

CPENameOperatorVersion
github.com/sajari/docconvlev1.2.0
github.com/sajari/docconvlev1.2.0

CPE	Name	Operator	Version
	github.com/sajari/docconv	le	v1.2.0
	github.com/sajari/docconv	le	v1.2.0

References

github.com/advisories/GHSA-qvx2-59g8-8hph

github.com/sajari/docconv/commit/42bcff666855ab978e67a9041d0cdea552f20301

github.com/sajari/docconv/pull/111

github.com/sajari/docconv/releases/tag/v1.2.1

vuldb.com/?ctiid.216779

vuldb.com/?id.216779

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

52.1%

JSON

Related for VERACODE:38703