Common Weakness Enumeration

CWE-252

Allowed

Unchecked Return Value

Abstraction: Base · Status: Draft

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

227 vulnerabilities reference this CWE, most recent first.

CVE-2025-0028 (GCVE-0-2025-0028)

Vulnerability from cvelistv5 – Published: 2026-05-15 01:52 – Updated: 2026-05-15 13:27
VLAI
Summary
An unchecked return value within the AMD Platform Management Framework (PMF) could allow an attacker to read or modify an arbitrary address potentially resulting in loss of confidentiality, integrity, or availability.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
AMD
Date Public
2026-05-15 01:50
Credits
Reported through AMD Bug Bounty Program
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0028",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-15T13:25:09.199353Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-15T13:27:14.509Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics (formerly codenamed \"Rembrandt R\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.06.02.123"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics (formerly codenamed \"Phoenix\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.06.02.123"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 8040 Series Mobile Processors with Radeon\u2122 Graphics (formerly codenamed \"Hawk Point\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.06.02.123"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics (formerly codenamed \"Rembrandt\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.06.02.123"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 8000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 7.06.02.123"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Reported through AMD Bug Bounty Program"
        }
      ],
      "datePublic": "2026-05-15T01:50:10.383Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An unchecked return value within the AMD Platform Management Framework (PMF)  could allow an attacker to read or modify an arbitrary address potentially resulting in loss of confidentiality, integrity, or availability.\u003cbr\u003e"
            }
          ],
          "value": "An unchecked return value within the AMD Platform Management Framework (PMF)  could allow an attacker to read or modify an arbitrary address potentially resulting in loss of confidentiality, integrity, or availability."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:H/SI:N/SA:H",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-252",
              "description": "CWE-252  Unchecked Return Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-15T01:52:29.933Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "AMD PSIRT Automation 1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2025-0028",
    "datePublished": "2026-05-15T01:52:29.933Z",
    "dateReserved": "2024-11-21T16:17:40.854Z",
    "dateUpdated": "2026-05-15T13:27:14.509Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-50306 (GCVE-0-2024-50306)

Vulnerability from cvelistv5 – Published: 2024-11-14 09:55 – Updated: 2025-11-03 20:45
VLAI
Title
Apache Traffic Server: Server process can fail to drop privilege
Summary
Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Apache Software Foundation Apache Traffic Server Affected: 9.2.0 , ≤ 9.2.5 (semver)
Affected: 10.0.0 , ≤ 10.0.1 (semver)
Create a notification for this product.
apache_software_foundation apache_traffic_server Affected: 9.2.0 , ≤ 9.2.5 (semver)
Affected: 10.0.0 , ≤ 10.0.1 (semver)
    cpe:2.3:a:apache_software_foundation:apache_traffic_server:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Jeffrey BENCTEUX
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache_software_foundation:apache_traffic_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "apache_traffic_server",
            "vendor": "apache_software_foundation",
            "versions": [
              {
                "lessThanOrEqual": "9.2.5",
                "status": "affected",
                "version": "9.2.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "10.0.1",
                "status": "affected",
                "version": "10.0.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-50306",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-14T18:07:42.496439Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-14T18:11:20.573Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:45:12.036Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00018.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Traffic Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "9.2.5",
              "status": "affected",
              "version": "9.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.0.1",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Jeffrey BENCTEUX"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUnchecked return value can allow Apache Traffic Server to retain privileges on startup.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Unchecked return value can allow Apache Traffic Server to retain privileges on startup.\n\nThis issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1.\n\nUsers are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-252",
              "description": "CWE-252 Unchecked Return Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-14T09:55:43.037Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/y15fh6c7kyqvzm0f9odw7c5jh4r4np0y"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Traffic Server: Server process can fail to drop privilege",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-50306",
    "datePublished": "2024-11-14T09:55:43.037Z",
    "dateReserved": "2024-10-21T21:01:58.173Z",
    "dateUpdated": "2025-11-03T20:45:12.036Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-45775 (GCVE-0-2024-45775)

Vulnerability from cvelistv5 – Published: 2025-02-18 19:25 – Updated: 2026-01-29 17:01
VLAI
Title
Grub2: commands/extcmd: missing check for failed allocation
Summary
A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL point will be processed by the parse_option() function, leading grub to crash or, in some rare scenarios, corrupt the IVT data.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://access.redhat.com/errata/RHSA-2025:6990 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-45775 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2337481 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Affected: 0 , ≤ 2.12 (semver)
Red Hat Red Hat Enterprise Linux 9 Unaffected: 1:2.06-104.el9_6 , < * (rpm)
    cpe:/o:redhat:enterprise_linux:9::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Create a notification for this product.
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Create a notification for this product.
Date Public
2025-01-28 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45775",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-19T14:42:30.676203Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-19T15:15:35.702Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://ftp.gnu.org/gnu/grub/",
          "defaultStatus": "unaffected",
          "packageName": "grub2",
          "versions": [
            {
              "lessThanOrEqual": "2.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "grub2",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.06-104.el9_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "unaffected",
          "packageName": "grub2",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "grub2",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "grub2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-01-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub\u0027s argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL point will be processed by the parse_option() function, leading grub to crash or, in some rare scenarios, corrupt the IVT data."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-252",
              "description": "Unchecked Return Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-29T17:01:57.328Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:6990",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:6990"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-45775"
        },
        {
          "name": "RHBZ#2337481",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337481"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-01-13T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-01-28T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Grub2: commands/extcmd: missing check for failed allocation",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-252: Unchecked Return Value"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-45775",
    "datePublished": "2025-02-18T19:25:40.364Z",
    "dateReserved": "2024-09-08T01:57:12.947Z",
    "dateUpdated": "2026-01-29T17:01:57.328Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-45419 (GCVE-0-2024-45419)

Vulnerability from cvelistv5 – Published: 2024-11-19 19:28 – Updated: 2024-11-19 21:46
VLAI
Title
Zoom Apps - Improper Input Validation
Summary
Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Zoom Communications Inc. Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers Affected: see references
Create a notification for this product.
zoom zoom_meeting_sdk_for_windows Affected: 6.2.0
    cpe:2.3:a:zoom:zoom_meeting_sdk_for_windows:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-11-12 13:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:zoom:zoom_meeting_sdk_for_windows:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "zoom_meeting_sdk_for_windows",
            "vendor": "zoom",
            "versions": [
              {
                "status": "affected",
                "version": "6.2.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45419",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T21:43:54.392171Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-19T21:46:16.379Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows",
            "MacOS",
            "Linux",
            "iOS",
            "Android"
          ],
          "product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
          "vendor": "Zoom Communications Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "see references"
            }
          ]
        }
      ],
      "datePublic": "2024-11-12T13:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access."
            }
          ],
          "value": "Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-252",
              "description": "CWE-252 Unchecked Return Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-19T19:28:48.335Z",
        "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "shortName": "Zoom"
      },
      "references": [
        {
          "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24041"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Zoom Apps - Improper Input Validation",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
    "assignerShortName": "Zoom",
    "cveId": "CVE-2024-45419",
    "datePublished": "2024-11-19T19:28:48.335Z",
    "dateReserved": "2024-08-28T21:50:25.332Z",
    "dateUpdated": "2024-11-19T21:46:16.379Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42491 (GCVE-0-2024-42491)

Vulnerability from cvelistv5 – Published: 2024-09-05 17:17 – Updated: 2025-11-03 22:04
VLAI
Title
A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used
Summary
Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion starts with `.1` or `[.1]`, and res_resolver_unbound is loaded, Asterisk will crash with a SEGV. To receive a patch, users should upgrade to one of the following versions: 18.24.3, 20.9.3, 21.4.3, certified-18.9-cert12, certified-20.7-cert2. Two workarounds are available. Disable res_resolver_unbound by setting `noload = res_resolver_unbound.so` in modules.conf, or set `rewrite_contact = yes` on all PJSIP endpoints. NOTE: This may not be appropriate for all Asterisk configurations.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
asterisk asterisk Affected: < 18.24.3
Affected: >= 19.0.0, < 20.9.3
Affected: >= 21.0.0, < 21.4.3
Affected: < 18.9-cert12
Affected: >= 19.0, < 20.7-cert2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42491",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-05T18:48:24.364960Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-05T18:52:42.844Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:04:56.291Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00016.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "asterisk",
          "vendor": "asterisk",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 18.24.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 19.0.0, \u003c 20.9.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 21.0.0, \u003c 21.4.3"
            },
            {
              "status": "affected",
              "version": "\u003c 18.9-cert12"
            },
            {
              "status": "affected",
              "version": "\u003e= 19.0, \u003c 20.7-cert2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion starts with `.1` or `[.1]`, and res_resolver_unbound is loaded, Asterisk will crash with a SEGV. To receive a patch, users should upgrade to one of the following versions: 18.24.3, 20.9.3, 21.4.3, certified-18.9-cert12, certified-20.7-cert2. Two workarounds are available. Disable res_resolver_unbound by setting `noload = res_resolver_unbound.so` in modules.conf, or set `rewrite_contact = yes` on all PJSIP endpoints. NOTE: This may not be appropriate for all Asterisk configurations."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-252",
              "description": "CWE-252: Unchecked Return Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476: NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-05T17:17:56.961Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9"
        },
        {
          "name": "https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4"
        },
        {
          "name": "https://github.com/asterisk/asterisk/commit/4f01669c7c41c9184f3cce9a3cf1b2ebf6201742",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/asterisk/asterisk/commit/4f01669c7c41c9184f3cce9a3cf1b2ebf6201742"
        },
        {
          "name": "https://github.com/asterisk/asterisk/commit/50bf8d4d3064930d28ecf1ce3397b14574d514d2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/asterisk/asterisk/commit/50bf8d4d3064930d28ecf1ce3397b14574d514d2"
        },
        {
          "name": "https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8"
        },
        {
          "name": "https://github.com/asterisk/asterisk/commit/a15050650abf09c10a3c135fab148220cd41d3a0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/asterisk/asterisk/commit/a15050650abf09c10a3c135fab148220cd41d3a0"
        }
      ],
      "source": {
        "advisory": "GHSA-v428-g3cw-7hv9",
        "discovery": "UNKNOWN"
      },
      "title": "A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-42491",
    "datePublished": "2024-09-05T17:17:56.961Z",
    "dateReserved": "2024-08-02T14:13:04.619Z",
    "dateUpdated": "2025-11-03T22:04:56.291Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-39558 (GCVE-0-2024-39558)

Vulnerability from cvelistv5 – Published: 2024-07-10 22:40 – Updated: 2024-08-13 20:36
VLAI
Title
Junos OS and Junos OS Evolved: Receipt of specific PIM packet causes rpd crash when PIM is configured along with MoFRR
Summary
An Unchecked Return Value vulnerability in the Routing Protocol Daemon (rpd) on Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows a logically adjacent, unauthenticated attacker sending a specific PIM packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS), when PIM is configured with Multicast-only Fast Reroute (MoFRR). Continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition. This issue is observed on Junos and Junos Evolved platforms where PIM is configured along with MoFRR. MoFRR tries to select the active path, but due to an internal timing issue, rpd is unable to select the forwarding next-hop towards the source, resulting in an rpd crash. This issue affects: Junos OS: * All versions before 20.4R3-S10, * from 21.2 before 21.2R3-S7, * from 21.4 before 21.4R3-S6, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3, * from 22.4 before 22.4R2;  Junos OS Evolved: * All versions before 20.4R3-S10 -EVO, * All versions of 21.2-EVO, * from 21.4-EVO before 21.4R3-S9-EVO, * from 22.1-EVO before 22.1R3-S5-EVO, * from 22.2-EVO before 22.2R3-S3-EVO, * from 22.3-EVO before 22.3R3-EVO, * from 22.4-EVO before 22.4R2-EVO.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: 0 , < 20.4R3-S10 (semver)
Affected: 21.2 , < 21.2R3-S7 (semver)
Affected: 21.4 , < 21.4R3-S6 (semver)
Affected: 22.1 , < 22.1R3-S5 (semver)
Affected: 22.2 , < 22.2R3-S3 (semver)
Affected: 22.3 , < 22.3R3 (semver)
Affected: 22.4 , < 22.4R2 (semver)
Create a notification for this product.
Juniper Networks Junos OS Evolved Affected: 0 , < 20.4R3-S10-EVO (semver)
Affected: 21.2R1-EVO , < 21.2*-EVO (semver)
Affected: 21.4-EVO , < 21.4R3-S9-EVO (semver)
Affected: 22.1-EVO , < 22.1R3-S5-EVO (semver)
Affected: 22.2-EVO , < 22.2R3-S3-EVO (semver)
Affected: 22.3-EVO , < 22.3R3-EVO (semver)
Affected: 22.4-EVO , < 22.4R2-EVO (semver)
Create a notification for this product.
juniper junos_os Affected: 0 , < 20.4R3-S10 (semver)
Affected: 21.2 , < 21.2R3-S7 (semver)
Affected: 21.4 , < 21.4R3-S6 (semver)
Affected: 22.1 , < 22.1R3-S5 (semver)
Affected: 22.2 , < 22.2R3-S3 (semver)
Affected: 22.3 , < 22.3R3 (semver)
Affected: 22.4 , < 22.4R2 (semver)
    cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*
Create a notification for this product.
juniper junos_os_evolved Affected: 0 , < 20.4R3-S10-EVO (semver)
Affected: 21.2R1-EVO , < 21.2*-EVO (semver)
Affected: 21.4-EVO , < 21.4R3-S9-EVO (semver)
Affected: 22.1-EVO , < 22.1R3-S5-EVO (semver)
Affected: 22.2-EVO , < 22.2R3-S3-EVO (semver)
Affected: 22.3-EVO , < 22.3R3-EVO (semver)
Affected: 22.4-EVO , < 22.4R2-EVO (semver)
    cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-07-10 16:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "junos_os",
            "vendor": "juniper",
            "versions": [
              {
                "lessThan": "20.4R3-S10",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              },
              {
                "lessThan": "21.2R3-S7",
                "status": "affected",
                "version": "21.2",
                "versionType": "semver"
              },
              {
                "lessThan": "21.4R3-S6",
                "status": "affected",
                "version": "21.4",
                "versionType": "semver"
              },
              {
                "lessThan": "22.1R3-S5",
                "status": "affected",
                "version": "22.1",
                "versionType": "semver"
              },
              {
                "lessThan": "22.2R3-S3",
                "status": "affected",
                "version": "22.2",
                "versionType": "semver"
              },
              {
                "lessThan": "22.3R3",
                "status": "affected",
                "version": "22.3",
                "versionType": "semver"
              },
              {
                "lessThan": "22.4R2",
                "status": "affected",
                "version": "22.4",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "junos_os_evolved",
            "vendor": "juniper",
            "versions": [
              {
                "lessThan": "20.4R3-S10-EVO",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              },
              {
                "lessThan": "21.2*-EVO",
                "status": "affected",
                "version": "21.2R1-EVO",
                "versionType": "semver"
              },
              {
                "lessThan": "21.4R3-S9-EVO",
                "status": "affected",
                "version": "21.4-EVO",
                "versionType": "semver"
              },
              {
                "lessThan": "22.1R3-S5-EVO",
                "status": "affected",
                "version": "22.1-EVO",
                "versionType": "semver"
              },
              {
                "lessThan": "22.2R3-S3-EVO",
                "status": "affected",
                "version": "22.2-EVO",
                "versionType": "semver"
              },
              {
                "lessThan": "22.3R3-EVO",
                "status": "affected",
                "version": "22.3-EVO",
                "versionType": "semver"
              },
              {
                "lessThan": "22.4R2-EVO",
                "status": "affected",
                "version": "22.4-EVO",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39558",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-11T14:25:31.554466Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-13T20:36:57.726Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:15.994Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://supportportal.juniper.net/JSA83018"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "20.4R3-S10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.2R3-S7",
              "status": "affected",
              "version": "21.2",
              "versionType": "semver"
            },
            {
              "lessThan": "21.4R3-S6",
              "status": "affected",
              "version": "21.4",
              "versionType": "semver"
            },
            {
              "lessThan": "22.1R3-S5",
              "status": "affected",
              "version": "22.1",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S3",
              "status": "affected",
              "version": "22.2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R3",
              "status": "affected",
              "version": "22.3",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R2",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "20.4R3-S10-EVO",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.2*-EVO",
              "status": "affected",
              "version": "21.2R1-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "21.4R3-S9-EVO",
              "status": "affected",
              "version": "21.4-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.1R3-S5-EVO",
              "status": "affected",
              "version": "22.1-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S3-EVO",
              "status": "affected",
              "version": "22.2-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R3-EVO",
              "status": "affected",
              "version": "22.3-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R2-EVO",
              "status": "affected",
              "version": "22.4-EVO",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue only affects systems with PIM and MoFRR enabled.\u0026nbsp; For example:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols pim ]\u003cbr\u003e[ routing-options multicast stream-protection ]\u003c/tt\u003e"
            }
          ],
          "value": "This issue only affects systems with PIM and MoFRR enabled.\u00a0 For example:\n\n[ protocols pim ]\n[ routing-options multicast stream-protection ]"
        }
      ],
      "datePublic": "2024-07-10T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Unchecked Return Value vulnerability in the Routing Protocol Daemon (rpd) on Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows a logically adjacent, unauthenticated attacker sending a specific PIM packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS), when PIM is configured with Multicast-only Fast Reroute (MoFRR). Continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003eThis issue is observed on Junos and Junos Evolved platforms where PIM is configured along with MoFRR. MoFRR tries to select the active path, but due to an internal timing issue, rpd is unable to select the forwarding next-hop towards the source, resulting in an rpd crash.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 20.4R3-S10, \u003c/li\u003e\u003cli\u003efrom 21.2 before 21.2R3-S7, \u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S6, \u003c/li\u003e\u003cli\u003efrom 22.1 before 22.1R3-S5, \u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S3, \u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3, \u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R2;\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 20.4R3-S10 -EVO,\u003c/li\u003e\u003cli\u003eAll versions of 21.2-EVO,\u003c/li\u003e\u003cli\u003efrom 21.4-EVO before 21.4R3-S9-EVO,\u003c/li\u003e\u003cli\u003efrom 22.1-EVO before 22.1R3-S5-EVO,\u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S3-EVO,\u003c/li\u003e\u003cli\u003efrom 22.3-EVO before 22.3R3-EVO,\u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "An Unchecked Return Value vulnerability in the Routing Protocol Daemon (rpd) on Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows a logically adjacent, unauthenticated attacker sending a specific PIM packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS), when PIM is configured with Multicast-only Fast Reroute (MoFRR). Continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition.\n\nThis issue is observed on Junos and Junos Evolved platforms where PIM is configured along with MoFRR. MoFRR tries to select the active path, but due to an internal timing issue, rpd is unable to select the forwarding next-hop towards the source, resulting in an rpd crash.\n\nThis issue affects:\n\nJunos OS: \n\n\n  *  All versions before 20.4R3-S10, \n  *  from 21.2 before 21.2R3-S7, \n  *  from 21.4 before 21.4R3-S6, \n  *  from 22.1 before 22.1R3-S5, \n  *  from 22.2 before 22.2R3-S3, \n  *  from 22.3 before 22.3R3, \n  *  from 22.4 before 22.4R2;\u00a0\n\n\n\n\nJunos OS Evolved: \n\n\n  *  All versions before 20.4R3-S10 -EVO,\n  *  All versions of 21.2-EVO,\n  *  from 21.4-EVO before 21.4R3-S9-EVO,\n  *  from 22.1-EVO before 22.1R3-S5-EVO,\n  *  from 22.2-EVO before 22.2R3-S3-EVO,\n  *  from 22.3-EVO before 22.3R3-EVO,\n  *  from 22.4-EVO before 22.4R2-EVO."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-252",
              "description": "CWE-252 Unchecked Return Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-08T20:50:13.375Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA83018"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos: 20.4R3-S10, 21.2R3-S7, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3, 22.4R2, 23.2R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved: 20.4R3-S10-EVO, 21.4R3-S9-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases.\u003cbr\u003e"
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue:\nJunos: 20.4R3-S10, 21.2R3-S7, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3, 22.4R2, 23.2R1, and all subsequent releases.\nJunos OS Evolved: 20.4R3-S10-EVO, 21.4R3-S9-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA83018",
        "defect": [
          "1709038"
        ],
        "discovery": "INTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-10T16:00:00.000Z",
          "value": "Initial Publication"
        },
        {
          "lang": "en",
          "time": "2024-08-08T21:00:00.000Z",
          "value": "Updated list of EVO affected and fixed releases"
        }
      ],
      "title": "Junos OS and Junos OS Evolved: Receipt of specific PIM packet causes rpd crash when PIM is configured along with MoFRR",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2024-39558",
    "datePublished": "2024-07-10T22:40:44.365Z",
    "dateReserved": "2024-06-25T15:12:53.247Z",
    "dateUpdated": "2024-08-13T20:36:57.726Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-37039 (GCVE-0-2024-37039)

Vulnerability from cvelistv5 – Published: 2024-06-12 16:54 – Updated: 2024-08-02 03:43
VLAI
Summary
CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Schneider Electric Sage 1410 Affected: Versions C3414-500-S02K5_P8 and prior
Create a notification for this product.
Schneider Electric Sage 1430 Affected: Versions C3414-500-S02K5_P8 and prior
Create a notification for this product.
Schneider Electric Sage 1450 Affected: Versions C3414-500-S02K5_P8 and prior
Create a notification for this product.
Schneider Electric Sage 2400 Affected: Versions C3414-500-S02K5_P8 and prior
Create a notification for this product.
Schneider Electric Sage 3030 Magnum Affected: Versions C3414-500-S02K5_P8 and prior
Create a notification for this product.
Schneider Electric Sage 4400 Affected: Versions C3414-500-S02K5_P8 and prior
Create a notification for this product.
schneider-electric sage_4400 Affected: 0 , ≤ c3414-500-s02k5_p8 (custom)
    cpe:2.3:h:schneider-electric:sage_3030_magnum:-:*:*:*:*:*:*:*
    cpe:2.3:h:schneider-electric:sage_1410:-:*:*:*:*:*:*:*
    cpe:2.3:h:schneider-electric:sage_1430:-:*:*:*:*:*:*:*
    cpe:2.3:h:schneider-electric:sage_1450:-:*:*:*:*:*:*:*
    cpe:2.3:h:schneider-electric:sage_2400:-:*:*:*:*:*:*:*
    cpe:2.3:h:schneider-electric:sage_4400:-:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:schneider-electric:sage_3030_magnum:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:schneider-electric:sage_1410:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:schneider-electric:sage_1430:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:schneider-electric:sage_1450:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:schneider-electric:sage_2400:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:schneider-electric:sage_4400:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "sage_4400",
            "vendor": "schneider-electric",
            "versions": [
              {
                "lessThanOrEqual": "c3414-500-s02k5_p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-37039",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-12T18:24:08.466465Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-12T18:33:50.964Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.886Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-163-05.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Sage 1410",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Versions C3414-500-S02K5_P8 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Sage 1430",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Versions C3414-500-S02K5_P8 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Sage 1450",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Versions C3414-500-S02K5_P8 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Sage 2400",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Versions C3414-500-S02K5_P8 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Sage 3030 Magnum",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Versions C3414-500-S02K5_P8 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Sage 4400",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Versions C3414-500-S02K5_P8 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\n\n\n\n\n\n\n\nCWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the\ndevice when an attacker sends a specially crafted HTTP request.\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "value": "CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the\ndevice when an attacker sends a specially crafted HTTP request."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-252",
              "description": "CWE-252 Unchecked Return Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-12T16:54:23.117Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-163-05.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2024-37039",
    "datePublished": "2024-06-12T16:54:23.117Z",
    "dateReserved": "2024-05-31T06:52:05.762Z",
    "dateUpdated": "2024-08-02T03:43:50.886Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35235 (GCVE-0-2024-35235)

Vulnerability from cvelistv5 – Published: 2024-06-11 14:13 – Updated: 2025-02-21 16:56
VLAI
Title
Cupsd Listen arbitrary chmod 0140777
Summary
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the provided argument, providing world-writable access to the target. Given that cupsd is often running as root, this can result in the change of permission of any user or system files to be world writable. Given the aforementioned Ubuntu AppArmor context, on such systems this vulnerability is limited to those files modifiable by the cupsd process. In that specific case it was found to be possible to turn the configuration of the Listen argument into full control over the cupsd.conf and cups-files.conf configuration files. By later setting the User and Group arguments in cups-files.conf, and printing with a printer configured by PPD with a `FoomaticRIPCommandLine` argument, arbitrary user and group (not root) command execution could be achieved, which can further be used on Ubuntu systems to achieve full root command execution. Commit ff1f8a623e090dee8a8aadf12a6a4b25efac143d contains a patch for the issue.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
  • CWE-252 - Unchecked Return Value
Assigner
Impacted products
Vendor Product Version
OpenPrinting cups Affected: <= 2.4.8
Create a notification for this product.
openprinting cups Affected: 0 , ≤ 2.4.8 (custom)
    cpe:2.3:a:openprinting:cups:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:openprinting:cups:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cups",
            "vendor": "openprinting",
            "versions": [
              {
                "lessThanOrEqual": "2.4.8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35235",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-11T17:02:39.998197Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-21T16:56:42.752Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-11-08T06:03:26.227Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-vvwp-mv6j-hw6f",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-vvwp-mv6j-hw6f"
          },
          {
            "name": "https://github.com/OpenPrinting/cups/commit/ff1f8a623e090dee8a8aadf12a6a4b25efac143d",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/OpenPrinting/cups/commit/ff1f8a623e090dee8a8aadf12a6a4b25efac143d"
          },
          {
            "name": "https://git.launchpad.net/ubuntu/+source/apparmor/tree/profiles/apparmor.d/abstractions/user-tmp#n21",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.launchpad.net/ubuntu/+source/apparmor/tree/profiles/apparmor.d/abstractions/user-tmp#n21"
          },
          {
            "name": "https://github.com/OpenPrinting/cups/blob/aba917003c8de55e5bf85010f0ecf1f1ddd1408e/cups/http-addr.c#L229-L240",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/OpenPrinting/cups/blob/aba917003c8de55e5bf85010f0ecf1f1ddd1408e/cups/http-addr.c#L229-L240"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/06/11/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/06/12/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/06/12/5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00001.html"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/11/08/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cups",
          "vendor": "OpenPrinting",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 2.4.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the provided argument, providing world-writable access to the target. Given that cupsd is often running as root, this can result in the change of permission of any user or system files to be world writable. Given the aforementioned Ubuntu AppArmor context, on such systems this vulnerability is limited to those files modifiable by the cupsd process. In that specific case it was found to be possible to turn the configuration of the Listen argument into full control over the cupsd.conf and cups-files.conf configuration files. By later setting the User and Group arguments in cups-files.conf, and printing with a printer configured by PPD with a `FoomaticRIPCommandLine` argument, arbitrary user and group (not root) command execution could be achieved, which can further be used on Ubuntu systems to achieve full root command execution. Commit ff1f8a623e090dee8a8aadf12a6a4b25efac143d contains a patch for the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-252",
              "description": "CWE-252: Unchecked Return Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-14T03:06:28.702Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-vvwp-mv6j-hw6f",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-vvwp-mv6j-hw6f"
        },
        {
          "name": "https://github.com/OpenPrinting/cups/commit/ff1f8a623e090dee8a8aadf12a6a4b25efac143d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OpenPrinting/cups/commit/ff1f8a623e090dee8a8aadf12a6a4b25efac143d"
        },
        {
          "name": "https://git.launchpad.net/ubuntu/+source/apparmor/tree/profiles/apparmor.d/abstractions/user-tmp#n21",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.launchpad.net/ubuntu/+source/apparmor/tree/profiles/apparmor.d/abstractions/user-tmp#n21"
        },
        {
          "name": "https://github.com/OpenPrinting/cups/blob/aba917003c8de55e5bf85010f0ecf1f1ddd1408e/cups/http-addr.c#L229-L240",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OpenPrinting/cups/blob/aba917003c8de55e5bf85010f0ecf1f1ddd1408e/cups/http-addr.c#L229-L240"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/06/11/1"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/06/12/4"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/06/12/5"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00001.html"
        }
      ],
      "source": {
        "advisory": "GHSA-vvwp-mv6j-hw6f",
        "discovery": "UNKNOWN"
      },
      "title": "Cupsd Listen arbitrary chmod 0140777"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-35235",
    "datePublished": "2024-06-11T14:13:23.771Z",
    "dateReserved": "2024-05-14T15:39:41.785Z",
    "dateUpdated": "2025-02-21T16:56:42.752Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12650 (GCVE-0-2024-12650)

Vulnerability from cvelistv5 – Published: 2025-03-05 11:46 – Updated: 2025-03-05 14:12
VLAI
Title
Wago: Vulnerability in libwagosnmp
Summary
An attacker with low privileges can manipulate the requested memory size, causing the application to use an invalid memory area. This could lead to a crash of the application but it does not affected other applications.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
WAGO CC100 0751-9x01 Affected: 0 , < 04.07.01 (semver)
Create a notification for this product.
WAGO Edge Controller 0752-8303/8000-0002 Affected: 0 , < 04.07.01 (semver)
Create a notification for this product.
WAGO PFC100 G1 0750-810x/xxxx-xxxx Affected: 0 , < 3.10.11 (semver)
Create a notification for this product.
WAGO PFC100 G1 0750-810x/xxxx-xxxx Affected: 0 , < 04.07.01 (semver)
Create a notification for this product.
WAGO PFC100 G2 0750-811x-xxxx-xxxx Affected: 0 , < 04.07.01 (semver)
Create a notification for this product.
WAGO PFC200 G1 750-820x-xxx-xxx Affected: 0 , < 3.10.11 (semver)
Create a notification for this product.
WAGO PFC200 G1 750-820x-xxx-xxx Affected: 0 , < 04.07.01 (semver)
Create a notification for this product.
WAGO PFC200 G2 750-821x-xxx-xxx Affected: 0 , < 04.07.01 (semver)
Create a notification for this product.
WAGO TP600 0762-420x/8000-000x Affected: 0 , < 04.07.01 (semver)
Create a notification for this product.
WAGO TP600 0762-430x/8000-000x Affected: 0 , < 04.07.01 (semver)
Create a notification for this product.
WAGO TP600 0762-520x/8000-000x Affected: 0 , < 04.07.01 (semver)
Create a notification for this product.
WAGO TP600 0762-530x/8000-000x Affected: 0 , < 04.07.01 (semver)
Create a notification for this product.
WAGO TP600 0762-620x/8000-000x Affected: 0 , < 04.07.01 (semver)
Create a notification for this product.
WAGO TP600 0762-630x/8000-000x Affected: 0 , < 04.07.01 (semver)
Create a notification for this product.
Credits
Gabriele Quagliarella from Nozomi Networks
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12650",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-05T14:11:34.419639Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-05T14:12:02.004Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CC100 0751-9x01",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC100 0751-9x01",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Edge Controller 0752-8303/8000-0002",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Edge Controller 0752-8303/8000-0002",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC100 G1 0750-810x/xxxx-xxxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "3.10.11",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC100 G1 0750-810x/xxxx-xxxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC100 G2 0750-811x-xxxx-xxxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC100 G2 0750-811x-xxxx-xxxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC200 G1 750-820x-xxx-xxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "3.10.11",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC200 G1 750-820x-xxx-xxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC200 G2 750-821x-xxx-xxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC200 G2 750-821x-xxx-xxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-420x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-420x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-430x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-430x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-520x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-520x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-530x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-530x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-620x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-620x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-630x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-630x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Gabriele Quagliarella from Nozomi Networks"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAn attacker with low privileges can manipulate the requested memory size, causing the application to use an invalid memory area. This could lead to a crash of the application but it does not affected other applications.\u003c/p\u003e"
            }
          ],
          "value": "An attacker with low privileges can manipulate the requested memory size, causing the application to use an invalid memory area. This could lead to a crash of the application but it does not affected other applications."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-252",
              "description": "CWE-252 Unchecked Return Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-05T11:46:15.486Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2025-004"
        }
      ],
      "source": {
        "advisory": "VDE-2025-004",
        "defect": [
          "CERT@VDE#641731"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Wago: Vulnerability in libwagosnmp",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2024-12650",
    "datePublished": "2025-03-05T11:46:15.486Z",
    "dateReserved": "2024-12-16T07:37:06.620Z",
    "dateUpdated": "2025-03-05T14:12:02.004Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-8110 (GCVE-0-2024-8110)

Vulnerability from cvelistv5 – Published: 2024-09-17 02:04 – Updated: 2024-09-17 15:04
VLAI
Summary
Denial of Service (DoS) vulnerability has been found in Dual-redundant Platform for Computer. If a computer on which the affected product is installed receives a large number of UDP broadcast packets in a short period, occasionally that computer may restart. If both the active and standby computers are restarted at the same time, the functionality on that computer may be temporarily unavailable.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Yokogawa Electric Corporation Dual-redundant Platform for Computer (PC2CKM) Affected: R1.01.00 , ≤ R2.03.00 (custom)
Create a notification for this product.
yokogawa dual-redundant_platform_for_computer_\(pc2ckm\) Affected: r1.01.00 , ≤ r2.03.00 (custom)
    cpe:2.3:a:yokogawa:dual-redundant_platform_for_computer_\(pc2ckm\):*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-09-17 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:yokogawa:dual-redundant_platform_for_computer_\\(pc2ckm\\):*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "dual-redundant_platform_for_computer_\\(pc2ckm\\)",
            "vendor": "yokogawa",
            "versions": [
              {
                "lessThanOrEqual": "r2.03.00",
                "status": "affected",
                "version": "r1.01.00",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8110",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-17T14:57:26.649250Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-17T15:04:05.659Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Dual-redundant Platform for Computer (PC2CKM)",
          "vendor": "Yokogawa Electric Corporation",
          "versions": [
            {
              "lessThanOrEqual": "R2.03.00",
              "status": "affected",
              "version": "R1.01.00",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-09-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Denial of Service (DoS) vulnerability has been found in Dual-redundant Platform for Computer.\u003cbr\u003eIf a computer on which the affected product is installed receives a large number of UDP broadcast packets in a short period, occasionally that computer may restart.\u003cbr\u003eIf both the active and standby computers are restarted at the same time, the functionality on that computer may be temporarily unavailable."
            }
          ],
          "value": "Denial of Service (DoS) vulnerability has been found in Dual-redundant Platform for Computer.\nIf a computer on which the affected product is installed receives a large number of UDP broadcast packets in a short period, occasionally that computer may restart.\nIf both the active and standby computers are restarted at the same time, the functionality on that computer may be temporarily unavailable."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-252",
              "description": "CWE-252 Unchecked Return Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-17T02:04:53.739Z",
        "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "shortName": "YokogawaGroup"
      },
      "references": [
        {
          "url": "https://web-material3.yokogawa.com/1/36276/files/YSAR-24-0003-E.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
    "assignerShortName": "YokogawaGroup",
    "cveId": "CVE-2024-8110",
    "datePublished": "2024-09-17T02:04:53.739Z",
    "dateReserved": "2024-08-23T01:00:38.184Z",
    "dateUpdated": "2024-09-17T15:04:05.659Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation MIT-53
Implementation

Check the results of all functions that return a value and verify that the value is expected.

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Implementation

Ensure that you account for all possible return values from the function.

Mitigation
Implementation

When designing a function, make sure you return a value or throw an exception in case of an error.

No CAPEC attack patterns related to this CWE.