Common Weakness Enumeration

CWE-328

Allowed

Use of Weak Hash

Abstraction: Base · Status: Draft

The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).

149 vulnerabilities reference this CWE, most recent first.

CVE-2025-8260 (GCVE-0-2025-8260)

Vulnerability from cvelistv5 – Published: 2025-07-28 06:02 – Updated: 2026-04-15 07:02
VLAI
Title
Vaelsys VaelsysV4 Web interface vgrid_server.php weak hash
Summary
A security flaw has been discovered in Vaelsys VaelsysV4 up to 5.1.0/5.4.0. This affects an unknown part of the file /grid/vgrid_server.php of the component Web interface. Performing a manipulation of the argument xajaxargs results in use of weak hash. The attack is possible to be carried out remotely. The complexity of an attack is rather high. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks. Upgrading to version 5.1.1 and 5.4.1 is able to mitigate this issue. Upgrading the affected component is recommended.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Vaelsys VaelsysV4 Affected: 5.0
Affected: 5.1
Affected: 5.1.0
Affected: 5.2
Affected: 5.3
Affected: 5.4.0
Unaffected: 5.1.1
Unaffected: 5.4.1
Create a notification for this product.
Credits
waiwai24 (VulDB User) security_vaelsys (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8260",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-28T15:57:53.324478Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-28T15:58:03.186Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Web interface"
          ],
          "product": "VaelsysV4",
          "vendor": "Vaelsys",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "status": "affected",
              "version": "5.1.0"
            },
            {
              "status": "affected",
              "version": "5.2"
            },
            {
              "status": "affected",
              "version": "5.3"
            },
            {
              "status": "affected",
              "version": "5.4.0"
            },
            {
              "status": "unaffected",
              "version": "5.1.1"
            },
            {
              "status": "unaffected",
              "version": "5.4.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "waiwai24 (VulDB User)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "security_vaelsys (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security flaw has been discovered in Vaelsys VaelsysV4 up to 5.1.0/5.4.0. This affects an unknown part of the file /grid/vgrid_server.php of the component Web interface. Performing a manipulation of the argument xajaxargs results in use of weak hash. The attack is possible to be carried out remotely. The complexity of an attack is rather high. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks. Upgrading to version 5.1.1 and 5.4.1 is able to mitigate this issue. Upgrading the affected component is recommended."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.1,
            "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-328",
              "description": "Use of Weak Hash",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-327",
              "description": "Risky Cryptographic Algorithm",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-15T07:02:44.090Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-317848 | Vaelsys VaelsysV4 Web interface vgrid_server.php weak hash",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/317848"
        },
        {
          "name": "VDB-317848 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/317848/cti"
        },
        {
          "name": "Submit #616922 | Vaelsys Vaelsys V4 v4.1.0  Unauthorized Access Leads to Sensitive Information Leakage",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/616922"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/waiwai24/0101/blob/main/CVEs/Vaelsys/Unauthorized_Access_Leads_to_Sensitive_Information_Leakage_in_Vaelsys_V4_Platform.md"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://vaelsys.github.io/security-advisory/advisories/VSEC_V4_2025_07_0002.html"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-07-26T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-03-20T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-04-15T09:07:00.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Vaelsys VaelsysV4 Web interface vgrid_server.php weak hash"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-8260",
    "datePublished": "2025-07-28T06:02:05.309Z",
    "dateReserved": "2025-07-26T16:14:24.601Z",
    "dateUpdated": "2026-04-15T07:02:44.090Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-3576 (GCVE-0-2025-3576)

Vulnerability from cvelistv5 – Published: 2025-04-15 05:55 – Updated: 2026-06-30 00:24
VLAI
Title
Krb5: kerberos rc4-hmac-md5 checksum vulnerability enabling message spoofing via md5 collisions
Summary
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Affected: 0 , < 1.22 (semver)
Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:1.21.3-8.el10_0 , < * (rpm)
    cpe:/o:redhat:enterprise_linux:10.0
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:1.18.2-32.el8_10 , < * (rpm)
    cpe:/o:redhat:enterprise_linux:8::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:1.17-19.el8_2.3 , < * (rpm)
    cpe:/o:redhat:rhel_aus:8.2::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:1.18.2-9.el8_4.3 , < * (rpm)
    cpe:/o:redhat:rhel_aus:8.4::baseos
    cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Unaffected: 0:1.18.2-9.el8_4.3 , < * (rpm)
    cpe:/o:redhat:rhel_aus:8.4::baseos
    cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:1.18.2-16.el8_6.4 , < * (rpm)
    cpe:/o:redhat:rhel_aus:8.6::baseos
    cpe:/o:redhat:rhel_e4s:8.6::baseos
    cpe:/o:redhat:rhel_tus:8.6::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:1.18.2-16.el8_6.4 , < * (rpm)
    cpe:/o:redhat:rhel_aus:8.6::baseos
    cpe:/o:redhat:rhel_e4s:8.6::baseos
    cpe:/o:redhat:rhel_tus:8.6::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:1.18.2-16.el8_6.4 , < * (rpm)
    cpe:/o:redhat:rhel_aus:8.6::baseos
    cpe:/o:redhat:rhel_e4s:8.6::baseos
    cpe:/o:redhat:rhel_tus:8.6::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 0:1.18.2-26.el8_8.5 , < * (rpm)
    cpe:/o:redhat:rhel_e4s:8.8::baseos
    cpe:/o:redhat:rhel_tus:8.8::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 0:1.18.2-26.el8_8.5 , < * (rpm)
    cpe:/o:redhat:rhel_e4s:8.8::baseos
    cpe:/o:redhat:rhel_tus:8.8::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.21.1-8.el9_6 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:9::appstream
    cpe:/o:redhat:enterprise_linux:9::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:1.19.1-16.el9_0.4 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:9.0::appstream
    cpe:/o:redhat:rhel_e4s:9.0::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:1.20.1-9.el9_2.3 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:9.2::appstream
    cpe:/o:redhat:rhel_e4s:9.2::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:1.21.1-2.el9_4.2 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.4::appstream
    cpe:/o:redhat:rhel_eus:9.4::baseos
Create a notification for this product.
Red Hat Red Hat Discovery 2 Unaffected: 2.0.0-1752592913 , < * (rpm)
    cpe:/a:redhat:discovery:2::el9
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Create a notification for this product.
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Create a notification for this product.
Siemens RUGGEDCOM ROX MX5000 Affected: 0 , < V2.17.1 (custom)
Create a notification for this product.
Siemens RUGGEDCOM ROX MX5000RE Affected: 0 , < V2.17.1 (custom)
Create a notification for this product.
Siemens RUGGEDCOM ROX RX1400 Affected: 0 , < V2.17.1 (custom)
Create a notification for this product.
Siemens RUGGEDCOM ROX RX1500 Affected: 0 , < V2.17.1 (custom)
Create a notification for this product.
Siemens RUGGEDCOM ROX RX1501 Affected: 0 , < V2.17.1 (custom)
Create a notification for this product.
Siemens RUGGEDCOM ROX RX1510 Affected: 0 , < V2.17.1 (custom)
Create a notification for this product.
Siemens RUGGEDCOM ROX RX1511 Affected: 0 , < V2.17.1 (custom)
Create a notification for this product.
Siemens RUGGEDCOM ROX RX1512 Affected: 0 , < V2.17.1 (custom)
Create a notification for this product.
Siemens RUGGEDCOM ROX RX1524 Affected: 0 , < V2.17.1 (custom)
Create a notification for this product.
Siemens RUGGEDCOM ROX RX1536 Affected: 0 , < V2.17.1 (custom)
Create a notification for this product.
Siemens RUGGEDCOM ROX RX5000 Affected: 0 , < V2.17.1 (custom)
Create a notification for this product.
Date Public
2025-04-15 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-3576",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-15T13:11:53.062910Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-15T13:12:04.778Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-05-30T17:02:59.776Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX MX5000",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX MX5000RE",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1400",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1500",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1501",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1510",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1511",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1512",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1524",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1536",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX5000",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T12:02:16.998Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-577017.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://web.mit.edu/kerberos/",
          "defaultStatus": "unaffected",
          "packageName": "krb5",
          "versions": [
            {
              "lessThan": "1.22",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "krb5",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.21.3-8.el10_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "krb5",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.18.2-32.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "krb5",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.17-19.el8_2.3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "krb5",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.18.2-9.el8_4.3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "krb5",
          "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.18.2-9.el8_4.3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "krb5",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.18.2-16.el8_6.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "krb5",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.18.2-16.el8_6.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "krb5",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.18.2-16.el8_6.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.8::baseos",
            "cpe:/o:redhat:rhel_tus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "krb5",
          "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.18.2-26.el8_8.5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.8::baseos",
            "cpe:/o:redhat:rhel_tus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "krb5",
          "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.18.2-26.el8_8.5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "krb5",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.21.1-8.el9_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "krb5",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.21.1-8.el9_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream",
            "cpe:/o:redhat:rhel_e4s:9.0::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "krb5",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.19.1-16.el9_0.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.2::appstream",
            "cpe:/o:redhat:rhel_e4s:9.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "krb5",
          "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.20.1-9.el9_2.3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream",
            "cpe:/o:redhat:rhel_eus:9.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "krb5",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.21.1-2.el9_4.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:discovery:2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "discovery/discovery-server-rhel9",
          "product": "Red Hat Discovery 2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2.0.0-1752592913",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "krb5",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "krb5",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-04-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-328",
              "description": "Use of Weak Hash",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-30T00:24:38.183Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:11487",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:11487"
        },
        {
          "name": "RHSA-2025:13664",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:13664"
        },
        {
          "name": "RHSA-2025:13777",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:13777"
        },
        {
          "name": "RHSA-2025:15000",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15000"
        },
        {
          "name": "RHSA-2025:15001",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15001"
        },
        {
          "name": "RHSA-2025:15002",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15002"
        },
        {
          "name": "RHSA-2025:15003",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15003"
        },
        {
          "name": "RHSA-2025:15004",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15004"
        },
        {
          "name": "RHSA-2025:8411",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:8411"
        },
        {
          "name": "RHSA-2025:9418",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9418"
        },
        {
          "name": "RHSA-2025:9430",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9430"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-3576"
        },
        {
          "name": "RHBZ#2359465",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359465"
        },
        {
          "url": "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-14T11:00:53.484Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-04-15T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Krb5: kerberos rc4-hmac-md5 checksum vulnerability enabling message spoofing via md5 collisions",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-328: Use of Weak Hash"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-3576",
    "datePublished": "2025-04-15T05:55:26.732Z",
    "dateReserved": "2025-04-14T09:53:43.906Z",
    "dateUpdated": "2026-06-30T00:24:38.183Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-2920 (GCVE-0-2025-2920)

Vulnerability from cvelistv5 – Published: 2025-03-28 18:00 – Updated: 2025-03-28 20:01
VLAI
Title
Netis WF-2404 passwd weak hash
Summary
A vulnerability was found in Netis WF-2404 1.1.124EN. It has been rated as problematic. This issue affects some unknown processing of the file /еtc/passwd. The manipulation leads to use of weak hash. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Netis WF-2404 Affected: 1.1.124EN
Create a notification for this product.
Credits
scoozi (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2920",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-28T20:00:12.960751Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-28T20:01:38.179Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WF-2404",
          "vendor": "Netis",
          "versions": [
            {
              "status": "affected",
              "version": "1.1.124EN"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "scoozi (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Netis WF-2404 1.1.124EN. It has been rated as problematic. This issue affects some unknown processing of the file /\u0435tc/passwd. The manipulation leads to use of weak hash. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in Netis WF-2404 1.1.124EN ausgemacht. Sie wurde als problematisch eingestuft. Davon betroffen ist unbekannter Code der Datei /\u0435tc/passwd. Dank der Manipulation mit unbekannten Daten kann eine use of weak hash-Schwachstelle ausgenutzt werden. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Die Ausnutzbarkeit gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 2,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 2,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 1.2,
            "vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-328",
              "description": "Use of Weak Hash",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-327",
              "description": "Risky Cryptographic Algorithm",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-28T18:00:10.769Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-301895 | Netis WF-2404 passwd weak hash",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.301895"
        },
        {
          "name": "VDB-301895 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.301895"
        },
        {
          "name": "Submit #521037 | Netis WF-2404 Router Firmware Version: APR-R4A4-V1.1.124EN-Netis(WF-2404),2010.12.14 16:18. Use of Weak Hash",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.521037"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-cont"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-03-28T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-03-28T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-03-28T12:53:39.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Netis WF-2404 passwd weak hash"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-2920",
    "datePublished": "2025-03-28T18:00:10.769Z",
    "dateReserved": "2025-03-28T11:48:27.854Z",
    "dateUpdated": "2025-03-28T20:01:38.179Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-0508 (GCVE-0-2025-0508)

Vulnerability from cvelistv5 – Published: 2025-03-20 10:11 – Updated: 2025-10-15 12:50
VLAI
Title
MD5 Hash Collision in SageMaker Workflow in aws/sagemaker-python-sdk
Summary
A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. This can lead to workflows being inadvertently replaced due to the reuse of results from different configurations that produce the same MD5 hash. This issue can cause integrity problems within the pipeline, potentially leading to erroneous processing outcomes.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-328 - Reversible One-Way Hash
Assigner
Impacted products
Vendor Product Version
aws aws/sagemaker-python-sdk Affected: unspecified , < 4965 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0508",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-20T14:26:53.232640Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-20T14:33:30.617Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "aws/sagemaker-python-sdk",
          "vendor": "aws",
          "versions": [
            {
              "lessThan": "4965",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. This can lead to workflows being inadvertently replaced due to the reuse of results from different configurations that produce the same MD5 hash. This issue can cause integrity problems within the pipeline, potentially leading to erroneous processing outcomes."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-328",
              "description": "CWE-328 Reversible One-Way Hash",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-15T12:50:48.695Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/eb056818-5b81-466f-81ee-916058d34af2"
        },
        {
          "url": "https://github.com/aws/sagemaker-python-sdk/commit/dcdd99f911e8b1a05d19cf1ad939b0fefae47864"
        }
      ],
      "source": {
        "advisory": "eb056818-5b81-466f-81ee-916058d34af2",
        "discovery": "EXTERNAL"
      },
      "title": "MD5 Hash Collision in SageMaker Workflow in aws/sagemaker-python-sdk"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2025-0508",
    "datePublished": "2025-03-20T10:11:30.798Z",
    "dateReserved": "2025-01-15T20:33:39.280Z",
    "dateUpdated": "2025-10-15T12:50:48.695Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-56516 (GCVE-0-2024-56516)

Vulnerability from cvelistv5 – Published: 2024-12-30 16:19 – Updated: 2024-12-30 16:48
VLAI
Title
free-one-api uses md5 for password storage
Summary
free-one-api allows users to access large language model reverse engineering libraries through the standard OpenAI API format. In versions up to and including 1.0.1, MD5 is used to hash passwords before sending them to the backend. MD5 is a cryptographically broken hashing algorithm and is no longer considered secure for password storage or transmission. It is vulnerable to collision attacks and can be easily cracked using modern hardware, exposing user credentials to potential compromise. As of time of publication, a replacement for MD5 has not been committed to the free-one-api GitHub repository.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
RockChinQ free-one-api Affected: <= 1.0.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-56516",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-30T16:48:13.058983Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-30T16:48:21.594Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "free-one-api",
          "vendor": "RockChinQ",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 1.0.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "free-one-api allows users to access large language model reverse engineering libraries through the standard OpenAI API format. In versions up to and including 1.0.1, MD5 is used to hash passwords before sending them to the backend. MD5 is a cryptographically broken hashing algorithm and is no longer considered secure for password storage or transmission. It is vulnerable to collision attacks and can be easily cracked using modern hardware, exposing user credentials to potential compromise. As of time of publication, a replacement for MD5 has not been committed to the free-one-api GitHub repository."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-328",
              "description": "CWE-328: Use of Weak Hash",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-30T16:19:47.571Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/RockChinQ/free-one-api/security/advisories/GHSA-36cc-58vm-wm4h",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/RockChinQ/free-one-api/security/advisories/GHSA-36cc-58vm-wm4h"
        },
        {
          "name": "https://github.com/RockChinQ/free-one-api/blob/4d6ee42ffbb224b95be32c26cabc28d54d01bf78/web/src/main.js#L15",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/RockChinQ/free-one-api/blob/4d6ee42ffbb224b95be32c26cabc28d54d01bf78/web/src/main.js#L15"
        }
      ],
      "source": {
        "advisory": "GHSA-36cc-58vm-wm4h",
        "discovery": "UNKNOWN"
      },
      "title": "free-one-api uses md5 for password storage"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-56516",
    "datePublished": "2024-12-30T16:19:47.571Z",
    "dateReserved": "2024-12-26T20:47:25.612Z",
    "dateUpdated": "2024-12-30T16:48:21.594Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-56414 (GCVE-0-2024-56414)

Vulnerability from cvelistv5 – Published: 2025-01-02 15:26 – Updated: 2025-01-02 17:08
VLAI
Summary
Web installer integrity check used weak hash algorithm. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Acronis Acronis Cyber Protect 16 Affected: unspecified , < 39169 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-56414",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-02T17:08:06.251187Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-02T17:08:22.194Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Acronis Cyber Protect 16",
          "vendor": "Acronis",
          "versions": [
            {
              "lessThan": "39169",
              "status": "affected",
              "version": "unspecified",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Web installer integrity check used weak hash algorithm. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-328",
              "description": "CWE-328",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-02T15:26:10.784Z",
        "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "shortName": "Acronis"
      },
      "references": [
        {
          "name": "SEC-1911",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security-advisory.acronis.com/advisories/SEC-1911"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
    "assignerShortName": "Acronis",
    "cveId": "CVE-2024-56414",
    "datePublished": "2025-01-02T15:26:10.784Z",
    "dateReserved": "2024-12-23T18:49:13.540Z",
    "dateUpdated": "2025-01-02T17:08:22.194Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-55885 (GCVE-0-2024-55885)

Vulnerability from cvelistv5 – Published: 2024-12-12 19:23 – Updated: 2024-12-13 15:46
VLAI
Title
Beego Vulnerable to Collision Hazards of MD5 in Cache Key Filenames
Summary
beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version 2.3.4 replaces MD5 with SHA256.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-328 - Use of Weak Hash
  • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
Impacted products
Vendor Product Version
beego beego Affected: < 2.3.4
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-55885",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-13T15:46:03.778479Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-13T15:46:22.821Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "beego",
          "vendor": "beego",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.3.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version 2.3.4 replaces MD5 with SHA256."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-328",
              "description": "CWE-328: Use of Weak Hash",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-327",
              "description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-12T19:23:14.239Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/beego/beego/security/advisories/GHSA-9j3m-fr7q-jxfw",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/beego/beego/security/advisories/GHSA-9j3m-fr7q-jxfw"
        },
        {
          "name": "https://github.com/beego/beego/commit/e7fa4835f71f47ab1d13afd638cebf661800d5a4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/beego/beego/commit/e7fa4835f71f47ab1d13afd638cebf661800d5a4"
        }
      ],
      "source": {
        "advisory": "GHSA-9j3m-fr7q-jxfw",
        "discovery": "UNKNOWN"
      },
      "title": "Beego Vulnerable to Collision Hazards of MD5 in Cache Key Filenames"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-55885",
    "datePublished": "2024-12-12T19:23:14.239Z",
    "dateReserved": "2024-12-12T15:00:38.901Z",
    "dateUpdated": "2024-12-13T15:46:22.821Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-54143 (GCVE-0-2024-54143)

Vulnerability from cvelistv5 – Published: 2024-12-06 16:14 – Updated: 2024-12-06 20:54
VLAI
Title
openwrt/asu allows build artifact poisoning via truncated SHA-256 hash and command injection
Summary
openwrt/asu is an image on demand server for OpenWrt based distributions. The request hashing mechanism truncates SHA-256 hashes to only 12 characters. This significantly reduces entropy, making it feasible for an attacker to generate collisions. By exploiting this, a previously built malicious image can be served in place of a legitimate one, allowing the attacker to "poison" the artifact cache and deliver compromised images to unsuspecting users. This can be combined with other attacks, such as a command injection in Imagebuilder that allows malicious users to inject arbitrary commands into the build process, resulting in the production of malicious firmware images signed with the legitimate build key. This has been patched with 920c8a1.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
openwrt asu Affected: < 920c8a1
Create a notification for this product.
openwrt asu Affected: 0 , < 920c8a1 (custom)
    cpe:2.3:o:openwrt:asu:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:openwrt:asu:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "asu",
            "vendor": "openwrt",
            "versions": [
              {
                "lessThan": "920c8a1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-54143",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-06T20:48:08.956659Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-06T20:54:32.538Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "asu",
          "vendor": "openwrt",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 920c8a1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "openwrt/asu is an image on demand server for OpenWrt based distributions. The request hashing mechanism truncates SHA-256 hashes to only 12 characters. This significantly reduces entropy, making it feasible for an attacker to generate collisions. By exploiting this, a previously built malicious image can be served in place of a legitimate one, allowing the attacker to \"poison\" the artifact cache and deliver compromised images to unsuspecting users. This can be combined with other attacks, such as a command injection in Imagebuilder that allows malicious users to inject arbitrary commands into the build process, resulting in the production of malicious firmware images signed with the legitimate build key. This has been patched with 920c8a1."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-328",
              "description": "CWE-328: Use of Weak Hash",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-06T16:14:39.169Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/openwrt/asu/security/advisories/GHSA-r3gq-96h6-3v7q",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openwrt/asu/security/advisories/GHSA-r3gq-96h6-3v7q"
        },
        {
          "name": "https://github.com/openwrt/asu/commit/920c8a13d97b4d4095f0d939cf0aaae777e0f87e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/openwrt/asu/commit/920c8a13d97b4d4095f0d939cf0aaae777e0f87e"
        }
      ],
      "source": {
        "advisory": "GHSA-r3gq-96h6-3v7q",
        "discovery": "UNKNOWN"
      },
      "title": "openwrt/asu allows build artifact poisoning via truncated SHA-256 hash and command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-54143",
    "datePublished": "2024-12-06T16:14:39.169Z",
    "dateReserved": "2024-11-29T18:02:16.755Z",
    "dateUpdated": "2024-12-06T20:54:32.538Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-52521 (GCVE-0-2024-52521)

Vulnerability from cvelistv5 – Published: 2024-11-15 16:38 – Updated: 2024-11-15 17:04
VLAI
Title
Nextcloud Server has a potential hash collision for background jobs could skip queuing them
Summary
Nextcloud Server is a self hosted personal cloud system. MD5 hashes were used to check background jobs for their uniqueness. This increased the chances of a background job with arguments falsely being identified as already existing and not be queued for execution. By changing the Hash to SHA256 the probability was heavily decreased. It is recommended that the Nextcloud Server is upgraded to 28.0.10, 29.0.7 or 30.0.0.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
nextcloud security-advisories Affected: >= 28.0.0, < 28.0.10
Affected: >= 29.0.0, < 29.0.7
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52521",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T17:04:05.765293Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:04:24.129Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "security-advisories",
          "vendor": "nextcloud",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 28.0.0, \u003c 28.0.10"
            },
            {
              "status": "affected",
              "version": "\u003e= 29.0.0, \u003c 29.0.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nextcloud Server is a self hosted personal cloud system. MD5 hashes were used to check background jobs for their uniqueness. This increased the chances of a background job with arguments falsely being identified as already existing and not be queued for execution. By changing the Hash to SHA256 the probability was heavily decreased. It is recommended that the Nextcloud Server is upgraded to 28.0.10, 29.0.7 or 30.0.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-328",
              "description": "CWE-328: Use of Weak Hash",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-15T16:38:49.174Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2q6f-gjgj-7hp4",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2q6f-gjgj-7hp4"
        },
        {
          "name": "https://github.com/nextcloud/server/pull/47769",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/server/pull/47769"
        },
        {
          "name": "https://github.com/nextcloud/server/commit/a933ba1fdba77e7d8c6b8ff400e082cf853ea46d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/server/commit/a933ba1fdba77e7d8c6b8ff400e082cf853ea46d"
        }
      ],
      "source": {
        "advisory": "GHSA-2q6f-gjgj-7hp4",
        "discovery": "UNKNOWN"
      },
      "title": "Nextcloud Server has a potential hash collision for background jobs could skip queuing them"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-52521",
    "datePublished": "2024-11-15T16:38:49.174Z",
    "dateReserved": "2024-11-11T18:49:23.559Z",
    "dateUpdated": "2024-11-15T17:04:24.129Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-48924 (GCVE-0-2024-48924)

Vulnerability from cvelistv5 – Published: 2024-10-17 20:36 – Updated: 2024-10-18 17:20
VLAI
Title
MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow
Summary
### Impact When this library is used to deserialize messagepack data from an untrusted source, there is a risk of a denial of service attack by an attacker that sends data contrived to produce hash collisions, leading to large CPU consumption disproportionate to the size of the data being deserialized. This is similar to [a prior advisory](https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf), which provided an inadequate fix for the hash collision part of the vulnerability. ### Patches The following steps are required to mitigate this risk. 1. Upgrade to a version of the library where a fix is available. 1. Review the steps in [this previous advisory](https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf) to ensure you have your application configured for untrusted data. ### Workarounds If upgrading MessagePack to a patched version is not an option for you, you may apply a manual workaround as follows: 1. Declare a class that derives from `MessagePackSecurity`. 2. Override the `GetHashCollisionResistantEqualityComparer<T>` method to provide a collision-resistant hash function of your own and avoid calling `base.GetHashCollisionResistantEqualityComparer<T>()`. 3. Configure a `MessagePackSerializerOptions` with an instance of your derived type by calling `WithSecurity` on an existing options object. 4. Use your custom options object for all deserialization operations. This may be by setting the `MessagePackSerializer.DefaultOptions` static property, if you call methods that rely on this default property, and/or by passing in the options object explicitly to any `Deserialize` method. ### References - Learn more about best security practices when reading untrusted data with [MessagePack 1.x](https://github.com/MessagePack-CSharp/MessagePack-CSharp/tree/v1.x#security) or [MessagePack 2.x](https://github.com/MessagePack-CSharp/MessagePack-CSharp#security). - The .NET team's [discussion on hash collision vulnerabilities of their `HashCode` struct](https://github.com/GrabYourPitchforks/runtime/blob/threat_models/docs/design/security/System.HashCode.md). ### For more information If you have any questions or comments about this advisory: * [Start a public discussion](https://github.com/MessagePack-CSharp/MessagePack-CSharp/discussions) * [Email us privately](mailto:andrewarnott@live.com)
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
MessagePack-CSharp MessagePack-CSharp Affected: < 2.5.187
Affected: >= 2.6.95-alpha, < 3.0.214-rc.1
Create a notification for this product.
messagepack messagepack-csharp Affected: 0 , < 2.5.187 (custom)
Affected: 2.6.95-alpha , < 3.0.214-rc.1 (custom)
    cpe:2.3:a:messagepack:messagepack-csharp:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:messagepack:messagepack-csharp:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "messagepack-csharp",
            "vendor": "messagepack",
            "versions": [
              {
                "lessThan": "2.5.187",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "3.0.214-rc.1",
                "status": "affected",
                "version": "2.6.95-alpha",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-48924",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-18T17:15:55.413671Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-18T17:20:11.062Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MessagePack-CSharp",
          "vendor": "MessagePack-CSharp",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.5.187"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.6.95-alpha, \u003c 3.0.214-rc.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "### Impact\n\nWhen this library is used to deserialize messagepack data from an untrusted source, there is a risk of a denial of service attack by an attacker that sends data contrived to produce hash collisions, leading to large CPU consumption disproportionate to the size of the data being deserialized.\n\nThis is similar to [a prior advisory](https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf), which provided an inadequate fix for the hash collision part of the vulnerability.\n\n### Patches\n\nThe following steps are required to mitigate this risk.\n\n1. Upgrade to a version of the library where a fix is available.\n1. Review the steps in [this previous advisory](https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf) to ensure you have your application configured for untrusted data.\n\n### Workarounds\n\nIf upgrading MessagePack to a patched version is not an option for you, you may apply a manual workaround as follows:\n\n1. Declare a class that derives from `MessagePackSecurity`.\n2. Override the `GetHashCollisionResistantEqualityComparer\u003cT\u003e` method to provide a collision-resistant hash function of your own and avoid calling `base.GetHashCollisionResistantEqualityComparer\u003cT\u003e()`.\n3. Configure a `MessagePackSerializerOptions` with an instance of your derived type by calling `WithSecurity` on an existing options object.\n4. Use your custom options object for all deserialization operations. This may be by setting the `MessagePackSerializer.DefaultOptions` static property, if you call methods that rely on this default property, and/or by passing in the options object explicitly to any `Deserialize` method.\n\n### References\n\n- Learn more about best security practices when reading untrusted data with [MessagePack 1.x](https://github.com/MessagePack-CSharp/MessagePack-CSharp/tree/v1.x#security) or [MessagePack 2.x](https://github.com/MessagePack-CSharp/MessagePack-CSharp#security).\n- The .NET team\u0027s [discussion on hash collision vulnerabilities of their `HashCode` struct](https://github.com/GrabYourPitchforks/runtime/blob/threat_models/docs/design/security/System.HashCode.md).\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* [Start a public discussion](https://github.com/MessagePack-CSharp/MessagePack-CSharp/discussions)\n* [Email us privately](mailto:andrewarnott@live.com)"
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-328",
              "description": "CWE-328: Use of Weak Hash",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-17T20:36:40.570Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-4qm4-8hg2-g2xm",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-4qm4-8hg2-g2xm"
        },
        {
          "name": "https://github.com/MessagePack-CSharp/MessagePack-CSharp/commit/8e599af0798b45008f8b293a7f233e4878f11ed5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/MessagePack-CSharp/MessagePack-CSharp/commit/8e599af0798b45008f8b293a7f233e4878f11ed5"
        },
        {
          "name": "https://github.com/MessagePack-CSharp/MessagePack-CSharp/commit/f8d40b3ad0be01c6e56cb51ecea81f59d98c192d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/MessagePack-CSharp/MessagePack-CSharp/commit/f8d40b3ad0be01c6e56cb51ecea81f59d98c192d"
        }
      ],
      "source": {
        "advisory": "GHSA-4qm4-8hg2-g2xm",
        "discovery": "UNKNOWN"
      },
      "title": "MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-48924",
    "datePublished": "2024-10-17T20:36:40.570Z",
    "dateReserved": "2024-10-09T22:06:46.174Z",
    "dateUpdated": "2024-10-18T17:20:11.062Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation MIT-51
Architecture and Design
  • Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations ("stretching") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For example, rainbow table attacks can become infeasible due to the high computing overhead. Finally, since computing power gets faster and cheaper over time, the technique can be reconfigured to increase the workload without forcing an entire replacement of the algorithm in use.
  • Some hash functions that have one or more of these desired properties include bcrypt [REF-291], scrypt [REF-292], and PBKDF2 [REF-293]. While there is active debate about which of these is the most effective, they are all stronger than using salts with hash functions with very little computing overhead.
  • Note that using these functions can have an impact on performance, so they require special consideration to avoid denial-of-service attacks. However, their configurability provides finer control over how much CPU and memory is used, so it could be adjusted to suit the environment's needs.
CAPEC-461: Web Services API Signature Forgery Leveraging Hash Function Extension Weakness

An adversary utilizes a hash function extension/padding weakness, to modify the parameters passed to the web service requesting authentication by generating their own call in order to generate a legitimate signature hash (as described in the notes), without knowledge of the secret token sometimes provided by the web service.

CAPEC-68: Subvert Code-signing Facilities

Many languages use code signing facilities to vouch for code's identity and to thus tie code to its assigned privileges within an environment. Subverting this mechanism can be instrumental in an attacker escalating privilege. Any means of subverting the way that a virtual machine enforces code signing classifies for this style of attack.