GitHub_MVULNRICHMENT:CVE-2024-32874CVE-2024-32874 In Frigate, Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
9.0%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service. This is due to no limitation set on the length of the filename and the costy use of the Unicode normalization with the form NFKD under the hood of secure_filename().
CNA Affected
[
{
"vendor": "blakeblackshear",
"product": "frigate",
"versions": [
{
"version": "<= 0.13.2",
"status": "affected"
}
]
}
]ADP Affected
[
{
"cpes": [
"cpe:2.3:a:frigate:frigate:*:*:*:*:*:*:*:*"
],
"vendor": "frigate",
"product": "frigate",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "0.13.2",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
9.0%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial