vulnrichment | GitHub_M | VULNRICHMENT:CVE-2024-41655
History: Jul 23, 2024 - 2:49 p.m.

CVE-2024-41655 TF2 Item Format Regular Expression Denial of Service vulnerability

2024-07-23 14:49:34
CWE-624
CWE-1333
GitHub_M
github.com
8
tf2 item format
regular expression
denial of service
vulnerability
version 5.9.14

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: poc
Automatable: yes
Technical Impact: partial

TF2 Item Format helps users format TF2 items to the community standards. Versions of tf2-item-format since at least 4.2.6 and prior to 5.9.14 are vulnerable to a Regular Expression Denial of Service (ReDoS) attack when parsing crafted user input. An attacker can exploit this vulnerability to perform DoS attacks on any service that uses tf2-item-format to parse user input. Version 5.9.14 contains a fix for the issue.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:danocmx:node-tf2-item-format:*:*:*:*:*:*:*:*"
    ],
    "vendor": "danocmx",
    "product": "node-tf2-item-format",
    "versions": [
      {
        "status": "affected",
        "version": "4.2.6",
        "lessThan": "5.9.14",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]
