Common Weakness Enumeration

CWE-755

Discouraged

Improper Handling of Exceptional Conditions

Abstraction: Class · Status: Incomplete

The product does not handle or incorrectly handles an exceptional condition.

686 vulnerabilities reference this CWE, most recent first.

GHSA-52VF-HVV3-98H7

Vulnerability from github – Published: 2023-03-03 22:53 – Updated: 2023-03-03 22:53
VLAI
Summary
xwiki vulnerable to Improper Handling of Exceptional Conditions
Details

Impact

Users with write rights can insert well-formed content that is not handled well by the parser. For instance, with xwiki/2.1, inserting a deeply nested group blocks (((( ((( ((( ((( .... ))) ))) ))) ))) (see the generator below to produce a large payload) can lead to the parser throwing a StackOverflowError. As a consequence, some pages becomes unusable, including: - the user index (if the page containing the faulty content is a user page) - the page index

Note that on the page, the normal UI is completely missing and it is not possible to open the editor directly to revert the change as the stack overflow is already triggered while getting the title of the document. This means that it is quite difficult to remove this content once inserted.

Patches

This has been patched on XWiki 13.10.10, 14.4.6, and 14.9-rc-1.

Workarounds

A temporary solution to avoid Stack Overflow errors is to increase the memory allocated to the stack by using the -Xss JVM parameter (e.g., -Xss32m). This should allow the parser to pass and to fix the faulty content. Note that we did not evaluated the consequence on other aspects of the system (e.g., performances), and should be only be used as a temporary solution. Also, this does not prevent the issue to occur again with another content. Consequently, it is strongly advised to upgrade to a version where the issue has been patched.

References

  • https://jira.xwiki.org/browse/XWIKI-19838

For more information

If you have any questions or comments about this advisory: - Open an issue in Jira - Email us at Security ML

Payload Generator

The Javascript code below produces 32768 nested group blocks, around the Hello text.

let result = "(((\nHello\n)))";
for (let i = 0; i < 15; ++i) {
  result = result.replace("Hello", result);
}
console.log(result);
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-rendering-parser"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0"
            },
            {
              "fixed": "13.10.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-rendering-parser"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "14.0"
            },
            {
              "fixed": "14.4.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-rendering-parser"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "14.5"
            },
            {
              "fixed": "14.9-rc-1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-26479"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-03-03T22:53:35Z",
    "nvd_published_at": "2023-03-02T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nUsers with write rights can insert well-formed content that is not handled well by the parser. For instance, with `xwiki/2.1`, inserting a deeply nested group blocks (`((( ((( ((( ((( .... ))) ))) ))) )))` (see the generator below to produce a large payload) can lead to the parser throwing a `StackOverflowError`.\nAs a consequence, some pages becomes unusable, including:\n- the user index (if the page containing the faulty content is a user page)\n- the page index\n\nNote that on the page, the normal UI is completely missing and it is not possible to open the editor directly to revert the change as the stack overflow is already triggered while getting the title of the document. This means that it is quite difficult to remove this content once inserted.\n\n### Patches\nThis has been patched on XWiki 13.10.10, 14.4.6, and 14.9-rc-1.\n\n### Workarounds\nA temporary solution to avoid Stack Overflow errors is to increase the memory allocated to the stack by using the `-Xss` JVM parameter (e.g., `-Xss32m`). This should allow the parser to pass and to fix the faulty content.\nNote that we did not evaluated the consequence on other aspects of the system (e.g., performances), and should be only be used as a temporary solution.\nAlso, this does not prevent the issue to occur again with another content.\nConsequently, it is strongly advised to upgrade to a version where the issue has been patched.\n\n### References\n- https://jira.xwiki.org/browse/XWIKI-19838\n\n### For more information\nIf you have any questions or comments about this advisory:\n- Open an issue in [Jira](http://jira.xwiki.org/)\n- Email us at [Security ML](mailto:security@xwiki.org)\n\n### Payload Generator\n\nThe Javascript code below produces 32768 nested group blocks, around the `Hello` text.\n\n```javascript\nlet result = \"(((\\nHello\\n)))\";\nfor (let i = 0; i \u003c 15; ++i) {\n  result = result.replace(\"Hello\", result);\n}\nconsole.log(result);\n```\n",
  "id": "GHSA-52vf-hvv3-98h7",
  "modified": "2023-03-03T22:53:35Z",
  "published": "2023-03-03T22:53:35Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-52vf-hvv3-98h7"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26479"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/commit/e5b82cd98072464196a468b8f7fe6396dce142a7"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xwiki/xwiki-platform"
    },
    {
      "type": "WEB",
      "url": "https://jira.xwiki.org/browse/XWIKI-19838"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "xwiki vulnerable to Improper Handling of Exceptional Conditions"
}

GHSA-556R-96Q6-PPP2

Vulnerability from github – Published: 2024-11-13 18:32 – Updated: 2024-11-27 18:34
VLAI
Details

The transport_message_handler function in SCP-Firmware release versions 2.11.0-2.15.0 does not properly handle errors, potentially allowing an Application Processor (AP) to cause a buffer overflow in System Control Processor (SCP) firmware.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-9413"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-13T17:15:12Z",
    "severity": "HIGH"
  },
  "details": "The transport_message_handler function in SCP-Firmware release versions 2.11.0-2.15.0 does not properly handle errors, potentially allowing an Application Processor (AP) to cause a buffer overflow in System Control Processor (SCP) firmware.",
  "id": "GHSA-556r-96q6-ppp2",
  "modified": "2024-11-27T18:34:00Z",
  "published": "2024-11-13T18:32:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9413"
    },
    {
      "type": "WEB",
      "url": "https://developer.arm.com/Arm%20Security%20Center/SCP-Firmware%20Vulnerability"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-55H2-P95W-Q7PV

Vulnerability from github – Published: 2022-05-24 22:28 – Updated: 2022-10-22 12:00
VLAI
Details

Dell EMC PowerScale OneFS versions 8.1.2 – 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take advantage of this issue to slow down the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-26195"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-09T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Dell EMC PowerScale OneFS versions 8.1.2 \u2013 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take advantage of this issue to slow down the system.",
  "id": "GHSA-55h2-p95w-q7pv",
  "modified": "2022-10-22T12:00:30Z",
  "published": "2022-05-24T22:28:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26195"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-55RX-W9V4-HWVV

Vulnerability from github – Published: 2024-07-11 18:31 – Updated: 2024-07-11 18:31
VLAI
Details

An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).

When conflicting information (IP or ISO addresses) about a node is added to the Traffic Engineering (TE) database and then a subsequent operation attempts to process these, rpd will crash and restart.

This issue affects:

Junos OS:

  • 22.4 versions before 22.4R3-S1,
  • 23.2 versions before 23.2R2, 
  • 23.4 versions before 23.4R1-S1, 23.4R2, 

This issue does not affect Junos OS versions earlier than 22.4R1.

Junos OS Evolved:

  • 22.4-EVO versions before 22.4R3-S2-EVO,
  • 23.2-EVO versions before 23.2R2-EVO,
  • 23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO,

This issue does not affect Junos OS Evolved versions earlier than

before 22.4R1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-39541"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-11T17:15:13Z",
    "severity": "HIGH"
  },
  "details": "An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).\n\nWhen conflicting information (IP or ISO addresses) about a node is added to the Traffic Engineering (TE) database and then a subsequent operation attempts to process these, rpd will crash and restart.\n\nThis issue affects:\n\nJunos OS:\n\n\n\n  *  22.4 versions before 22.4R3-S1,\n  *  23.2 versions before 23.2R2,\u00a0\n  *  23.4 versions before 23.4R1-S1, 23.4R2,\u00a0\n\n\n\n\nThis issue does not affect Junos OS versions earlier than 22.4R1.\n\nJunos OS Evolved:\n\n\n\n  *  22.4-EVO versions before 22.4R3-S2-EVO,\n  *  23.2-EVO versions before 23.2R2-EVO,\n  *  23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO,\n\n\n\n\n\n\nThis issue does not affect Junos OS Evolved versions earlier than \n\nbefore 22.4R1.",
  "id": "GHSA-55rx-w9v4-hwvv",
  "modified": "2024-07-11T18:31:13Z",
  "published": "2024-07-11T18:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39541"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA83001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-563C-G7MM-G4XP

Vulnerability from github – Published: 2024-08-06 15:30 – Updated: 2024-08-07 00:30
VLAI
Details

Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-7521"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-06T13:15:57Z",
    "severity": "CRITICAL"
  },
  "details": "Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, and Firefox ESR \u003c 128.1.",
  "id": "GHSA-563c-g7mm-g4xp",
  "modified": "2024-08-07T00:30:47Z",
  "published": "2024-08-06T15:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7521"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1904644"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-33"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-34"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-35"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-37"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-38"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-56J4-446M-QRF6

Vulnerability from github – Published: 2025-06-30 17:54 – Updated: 2025-07-29 23:43
VLAI
Summary
Babylon vulnerable to chain half when transaction has fees different than `ubbn`
Details

Summary

Sending transactions with fees different than native Babylon genesis denom (ubbn) leads to chain halt.

Impact

Denial of Service - Due to panic in the x/distribution module BeginBlocker triggered by a error when sending fees from feeCollector to x/distribution module - https://github.com/cosmos/cosmos-sdk/blob/main/x/distribution/keeper/allocation.go#L28 Babylon Genesis will halt

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/babylonlabs-io/babylon/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/babylonlabs-io/babylon"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-06-30T17:54:02Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\n\nSending transactions with fees different than native Babylon genesis denom (`ubbn`) leads to chain halt.\n\n### Impact\n\nDenial of Service - Due to panic in the `x/distribution` module `BeginBlocker` triggered by a error when sending fees  from `feeCollector` to `x/distribution` module - https://github.com/cosmos/cosmos-sdk/blob/main/x/distribution/keeper/allocation.go#L28 Babylon Genesis will halt",
  "id": "GHSA-56j4-446m-qrf6",
  "modified": "2025-07-29T23:43:41Z",
  "published": "2025-06-30T17:54:02Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/babylonlabs-io/babylon/security/advisories/GHSA-56j4-446m-qrf6"
    },
    {
      "type": "WEB",
      "url": "https://github.com/babylonlabs-io/babylon/commit/fe67aebd5216e7d3afa1d7dee2a3f82e548556f3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/babylonlabs-io/babylon"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cosmos/cosmos-sdk/blob/main/x/distribution/keeper/allocation.go#L28"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Babylon vulnerable to chain half when transaction has fees different than `ubbn`"
}

GHSA-574H-82R6-G95W

Vulnerability from github – Published: 2022-05-24 17:10 – Updated: 2022-05-24 17:10
VLAI
Details

Uncaught exception in system driver for Intel(R) Graphics Drivers before version 15.40.44.5107 may allow an authenticated user to potentially enable a denial of service via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-0511"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-03-12T20:15:00Z",
    "severity": "LOW"
  },
  "details": "Uncaught exception in system driver for Intel(R) Graphics Drivers before version 15.40.44.5107 may allow an authenticated user to potentially enable a denial of service via local access.",
  "id": "GHSA-574h-82r6-g95w",
  "modified": "2022-05-24T17:10:51Z",
  "published": "2022-05-24T17:10:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0511"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20200320-0003"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-58P3-3997-G6QM

Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-05-24 19:07
VLAI
Details

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 produce incorrect PDF document signatures because the certificate name, document owner, and signature author are mishandled.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-33795"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-09T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 produce incorrect PDF document signatures because the certificate name, document owner, and signature author are mishandled.",
  "id": "GHSA-58p3-3997-g6qm",
  "modified": "2022-05-24T19:07:20Z",
  "published": "2022-05-24T19:07:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33795"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-58P7-GJ75-3437

Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2023-08-31 03:30
VLAI
Details

DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0.13 and prior versions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-21439"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-754",
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-14T08:15:00Z",
    "severity": "MODERATE"
  },
  "details": "DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0.13 and prior versions.",
  "id": "GHSA-58p7-gj75-3437",
  "modified": "2023-08-31T03:30:36Z",
  "published": "2022-05-24T19:05:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21439"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
    },
    {
      "type": "WEB",
      "url": "https://otrs.com/release-notes/otrs-security-advisory-2021-09"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-58P8-2Q88-9M3P

Vulnerability from github – Published: 2024-09-04 06:30 – Updated: 2024-09-04 06:30
VLAI
Details

Improper handling of exceptional conditions in Setupwizard prior to SMR Aug-2024 Release 1 allows physical attackers to bypass proper validation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-34639"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-04T06:15:11Z",
    "severity": "MODERATE"
  },
  "details": "Improper handling of exceptional conditions in Setupwizard prior to SMR Aug-2024 Release 1 allows physical attackers to bypass proper validation.",
  "id": "GHSA-58p8-2q88-9m3p",
  "modified": "2024-09-04T06:30:41Z",
  "published": "2024-09-04T06:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34639"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024\u0026month=08"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.