Common Weakness Enumeration

CWE-190

Allowed

Integer Overflow or Wraparound

Abstraction: Base · Status: Stable

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

3867 vulnerabilities reference this CWE, most recent first.

CVE-2024-20654 (GCVE-0-2024-20654)

Vulnerability from cvelistv5 – Published: 2024-01-09 17:56 – Updated: 2025-06-17 20:59
VLAI
Title
Microsoft ODBC Driver Remote Code Execution Vulnerability
Summary
Microsoft ODBC Driver Remote Code Execution Vulnerability
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
References
Impacted products
Vendor Product Version
Microsoft Windows 10 Version 1809 Affected: 10.0.17763.0 , < 10.0.17763.5329 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < 10.0.17763.5329 (custom)
Create a notification for this product.
Microsoft Windows Server 2019 Affected: 10.0.17763.0 , < 10.0.17763.5329 (custom)
Create a notification for this product.
Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.17763.0 , < 10.0.17763.5329 (custom)
Create a notification for this product.
Microsoft Windows Server 2022 Affected: 10.0.20348.0 , < 10.0.20348.2227 (custom)
Create a notification for this product.
Microsoft Windows 11 version 21H2 Affected: 10.0.0 , < 10.0.22000.2713 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 21H2 Affected: 10.0.19043.0 , < 10.0.19044.3930 (custom)
Create a notification for this product.
Microsoft Windows 11 version 22H2 Affected: 10.0.22621.0 , < 10.0.22621.3007 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 22H2 Affected: 10.0.19045.0 , < 10.0.19045.3930 (custom)
Create a notification for this product.
Microsoft Windows 11 version 22H3 Affected: 10.0.22631.0 , < 10.0.22631.3007 (custom)
Create a notification for this product.
Microsoft Windows 11 Version 23H2 Affected: 10.0.22631.0 , < 10.0.22631.3007 (custom)
Create a notification for this product.
Microsoft Windows Server 2022, 23H2 Edition (Server Core installation) Affected: 10.0.25398.0 , < 10.0.25398.643 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 1507 Affected: 10.0.10240.0 , < 10.0.10240.20402 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 1607 Affected: 10.0.14393.0 , < 10.0.14393.6614 (custom)
Create a notification for this product.
Microsoft Windows Server 2016 Affected: 10.0.14393.0 , < 10.0.14393.6614 (custom)
Create a notification for this product.
Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.14393.0 , < 10.0.14393.6614 (custom)
Create a notification for this product.
Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.6003.0 , < 6.0.6003.22464 (custom)
Create a notification for this product.
Microsoft Windows Server 2008 Service Pack 2 (Server Core installation) Affected: 6.0.6003.0 , < 6.0.6003.22464 (custom)
Create a notification for this product.
Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.6003.0 , < 6.0.6003.22464 (custom)
Create a notification for this product.
Microsoft Windows Server 2008 R2 Service Pack 1 Affected: 6.1.7601.0 , < 6.1.7601.26910 (custom)
Create a notification for this product.
Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core installation) Affected: 6.1.7601.0 , < 6.1.7601.26910 (custom)
Create a notification for this product.
Microsoft Windows Server 2012 Affected: 6.2.9200.0 , < 6.2.9200.24664 (custom)
Create a notification for this product.
Microsoft Windows Server 2012 (Server Core installation) Affected: 6.2.9200.0 , < 6.2.9200.24664 (custom)
Create a notification for this product.
Microsoft Windows Server 2012 R2 Affected: 6.3.9600.0 , < 6.3.9600.21765 (custom)
Create a notification for this product.
Microsoft Windows Server 2012 R2 (Server Core installation) Affected: 6.3.9600.0 , < 6.3.9600.21765 (custom)
Create a notification for this product.
Date Public
2024-01-09 08:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:42.163Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft ODBC Driver Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20654"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20654",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-10T16:44:26.588237Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-17T20:59:09.897Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.5329",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.5329",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.5329",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.5329",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.20348.2227",
              "status": "affected",
              "version": "10.0.20348.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22000.2713",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19044.3930",
              "status": "affected",
              "version": "10.0.19043.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 11 version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22621.3007",
              "status": "affected",
              "version": "10.0.22621.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems",
            "32-bit Systems"
          ],
          "product": "Windows 10 Version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19045.3930",
              "status": "affected",
              "version": "10.0.19045.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 22H3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.3007",
              "status": "affected",
              "version": "10.0.22631.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows 11 Version 23H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.3007",
              "status": "affected",
              "version": "10.0.22631.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.25398.643",
              "status": "affected",
              "version": "10.0.25398.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1507",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.10240.20402",
              "status": "affected",
              "version": "10.0.10240.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1607",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6614",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6614",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6614",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems"
          ],
          "product": "Windows Server 2008 Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.6003.22464",
              "status": "affected",
              "version": "6.0.6003.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.6003.22464",
              "status": "affected",
              "version": "6.0.6003.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008  Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.6003.22464",
              "status": "affected",
              "version": "6.0.6003.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 R2 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.1.7601.26910",
              "status": "affected",
              "version": "6.1.7601.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.1.7601.26910",
              "status": "affected",
              "version": "6.1.7601.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.24664",
              "status": "affected",
              "version": "6.2.9200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.24664",
              "status": "affected",
              "version": "6.2.9200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.21765",
              "status": "affected",
              "version": "6.3.9600.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.21765",
              "status": "affected",
              "version": "6.3.9600.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.17763.5329",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.17763.5329",
                  "versionStartIncluding": "10.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.17763.5329",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.17763.5329",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.20348.2227",
                  "versionStartIncluding": "10.0.20348.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_21H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.22000.2713",
                  "versionStartIncluding": "10.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.19044.3930",
                  "versionStartIncluding": "10.0.19043.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.22621.3007",
                  "versionStartIncluding": "10.0.22621.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.19045.3930",
                  "versionStartIncluding": "10.0.19045.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.22631.3007",
                  "versionStartIncluding": "10.0.22631.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.22631.3007",
                  "versionStartIncluding": "10.0.22631.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.25398.643",
                  "versionStartIncluding": "10.0.25398.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.10240.20402",
                  "versionStartIncluding": "10.0.10240.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.14393.6614",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.14393.6614",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.14393.6614",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.0.6003.22464",
                  "versionStartIncluding": "6.0.6003.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.0.6003.22464",
                  "versionStartIncluding": "6.0.6003.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "6.0.6003.22464",
                  "versionStartIncluding": "6.0.6003.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.1.7601.26910",
                  "versionStartIncluding": "6.1.7601.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.1.7601.26910",
                  "versionStartIncluding": "6.1.7601.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.2.9200.24664",
                  "versionStartIncluding": "6.2.9200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.2.9200.24664",
                  "versionStartIncluding": "6.2.9200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.3.9600.21765",
                  "versionStartIncluding": "6.3.9600.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.3.9600.21765",
                  "versionStartIncluding": "6.3.9600.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-01-09T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft ODBC Driver Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-03T01:46:26.325Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ODBC Driver Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20654"
        }
      ],
      "title": "Microsoft ODBC Driver Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-20654",
    "datePublished": "2024-01-09T17:56:47.283Z",
    "dateReserved": "2023-11-28T22:58:12.114Z",
    "dateUpdated": "2025-06-17T20:59:09.897Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-20434 (GCVE-0-2024-20434)

Vulnerability from cvelistv5 – Published: 2024-09-25 16:29 – Updated: 2024-10-07 15:11
VLAI
Summary
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this vulnerability by sending crafted frames to an affected device. A successful exploit could allow the attacker to render the control plane of the affected device unresponsive. The device would not be accessible through the console or CLI, and it would not respond to ping requests, SNMP requests, or requests from other control plane protocols. Traffic that is traversing the device through the data plane is not affected. A reload of the device is required to restore control plane services.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
Impacted products
Vendor Product Version
Cisco Cisco IOS XE Software Affected: 16.6.1
Affected: 16.6.2
Affected: 16.6.3
Affected: 16.6.4
Affected: 16.6.5
Affected: 16.6.4a
Affected: 16.6.6
Affected: 16.6.7
Affected: 16.6.8
Affected: 16.6.9
Affected: 16.6.10
Affected: 16.7.1
Affected: 16.8.1
Affected: 16.8.1a
Affected: 16.8.1s
Affected: 16.9.1
Affected: 16.9.2
Affected: 16.9.1s
Affected: 16.9.3
Affected: 16.9.4
Affected: 16.9.5
Affected: 16.9.6
Affected: 16.9.7
Affected: 16.9.8
Affected: 16.10.1
Affected: 16.10.1s
Affected: 16.10.1e
Affected: 16.11.1
Affected: 16.11.1b
Affected: 16.11.1s
Affected: 16.12.1
Affected: 16.12.1s
Affected: 16.12.1c
Affected: 16.12.2
Affected: 16.12.3
Affected: 16.12.8
Affected: 16.12.2s
Affected: 16.12.4
Affected: 16.12.3s
Affected: 16.12.3a
Affected: 16.12.4a
Affected: 16.12.5
Affected: 16.12.6
Affected: 16.12.5b
Affected: 16.12.6a
Affected: 16.12.7
Affected: 17.1.1
Affected: 17.1.1s
Affected: 17.1.1t
Affected: 17.1.3
Affected: 17.2.1
Affected: 17.2.1a
Affected: 17.3.1
Affected: 17.3.2
Affected: 17.3.3
Affected: 17.3.2a
Affected: 17.3.4
Affected: 17.3.5
Affected: 17.3.6
Affected: 17.3.4b
Affected: 17.3.7
Affected: 17.3.8
Affected: 17.3.8a
Affected: 17.4.1
Affected: 17.5.1
Affected: 17.6.1
Affected: 17.6.2
Affected: 17.6.3
Affected: 17.6.4
Affected: 17.6.5
Affected: 17.6.6
Affected: 17.6.6a
Affected: 17.6.5a
Affected: 17.6.7
Affected: 17.7.1
Affected: 17.10.1
Affected: 17.10.1b
Affected: 17.8.1
Affected: 17.9.1
Affected: 17.9.2
Affected: 17.9.3
Affected: 17.9.4
Affected: 17.9.5
Affected: 17.9.4a
Affected: 17.11.1
Affected: 17.12.1
Affected: 17.12.2
Affected: 17.12.3
Affected: 17.13.1
Affected: 17.14.1
Affected: 17.11.99SW
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20434",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-25T17:58:41.111852Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-25T17:58:50.144Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS XE Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "16.6.1"
            },
            {
              "status": "affected",
              "version": "16.6.2"
            },
            {
              "status": "affected",
              "version": "16.6.3"
            },
            {
              "status": "affected",
              "version": "16.6.4"
            },
            {
              "status": "affected",
              "version": "16.6.5"
            },
            {
              "status": "affected",
              "version": "16.6.4a"
            },
            {
              "status": "affected",
              "version": "16.6.6"
            },
            {
              "status": "affected",
              "version": "16.6.7"
            },
            {
              "status": "affected",
              "version": "16.6.8"
            },
            {
              "status": "affected",
              "version": "16.6.9"
            },
            {
              "status": "affected",
              "version": "16.6.10"
            },
            {
              "status": "affected",
              "version": "16.7.1"
            },
            {
              "status": "affected",
              "version": "16.8.1"
            },
            {
              "status": "affected",
              "version": "16.8.1a"
            },
            {
              "status": "affected",
              "version": "16.8.1s"
            },
            {
              "status": "affected",
              "version": "16.9.1"
            },
            {
              "status": "affected",
              "version": "16.9.2"
            },
            {
              "status": "affected",
              "version": "16.9.1s"
            },
            {
              "status": "affected",
              "version": "16.9.3"
            },
            {
              "status": "affected",
              "version": "16.9.4"
            },
            {
              "status": "affected",
              "version": "16.9.5"
            },
            {
              "status": "affected",
              "version": "16.9.6"
            },
            {
              "status": "affected",
              "version": "16.9.7"
            },
            {
              "status": "affected",
              "version": "16.9.8"
            },
            {
              "status": "affected",
              "version": "16.10.1"
            },
            {
              "status": "affected",
              "version": "16.10.1s"
            },
            {
              "status": "affected",
              "version": "16.10.1e"
            },
            {
              "status": "affected",
              "version": "16.11.1"
            },
            {
              "status": "affected",
              "version": "16.11.1b"
            },
            {
              "status": "affected",
              "version": "16.11.1s"
            },
            {
              "status": "affected",
              "version": "16.12.1"
            },
            {
              "status": "affected",
              "version": "16.12.1s"
            },
            {
              "status": "affected",
              "version": "16.12.1c"
            },
            {
              "status": "affected",
              "version": "16.12.2"
            },
            {
              "status": "affected",
              "version": "16.12.3"
            },
            {
              "status": "affected",
              "version": "16.12.8"
            },
            {
              "status": "affected",
              "version": "16.12.2s"
            },
            {
              "status": "affected",
              "version": "16.12.4"
            },
            {
              "status": "affected",
              "version": "16.12.3s"
            },
            {
              "status": "affected",
              "version": "16.12.3a"
            },
            {
              "status": "affected",
              "version": "16.12.4a"
            },
            {
              "status": "affected",
              "version": "16.12.5"
            },
            {
              "status": "affected",
              "version": "16.12.6"
            },
            {
              "status": "affected",
              "version": "16.12.5b"
            },
            {
              "status": "affected",
              "version": "16.12.6a"
            },
            {
              "status": "affected",
              "version": "16.12.7"
            },
            {
              "status": "affected",
              "version": "17.1.1"
            },
            {
              "status": "affected",
              "version": "17.1.1s"
            },
            {
              "status": "affected",
              "version": "17.1.1t"
            },
            {
              "status": "affected",
              "version": "17.1.3"
            },
            {
              "status": "affected",
              "version": "17.2.1"
            },
            {
              "status": "affected",
              "version": "17.2.1a"
            },
            {
              "status": "affected",
              "version": "17.3.1"
            },
            {
              "status": "affected",
              "version": "17.3.2"
            },
            {
              "status": "affected",
              "version": "17.3.3"
            },
            {
              "status": "affected",
              "version": "17.3.2a"
            },
            {
              "status": "affected",
              "version": "17.3.4"
            },
            {
              "status": "affected",
              "version": "17.3.5"
            },
            {
              "status": "affected",
              "version": "17.3.6"
            },
            {
              "status": "affected",
              "version": "17.3.4b"
            },
            {
              "status": "affected",
              "version": "17.3.7"
            },
            {
              "status": "affected",
              "version": "17.3.8"
            },
            {
              "status": "affected",
              "version": "17.3.8a"
            },
            {
              "status": "affected",
              "version": "17.4.1"
            },
            {
              "status": "affected",
              "version": "17.5.1"
            },
            {
              "status": "affected",
              "version": "17.6.1"
            },
            {
              "status": "affected",
              "version": "17.6.2"
            },
            {
              "status": "affected",
              "version": "17.6.3"
            },
            {
              "status": "affected",
              "version": "17.6.4"
            },
            {
              "status": "affected",
              "version": "17.6.5"
            },
            {
              "status": "affected",
              "version": "17.6.6"
            },
            {
              "status": "affected",
              "version": "17.6.6a"
            },
            {
              "status": "affected",
              "version": "17.6.5a"
            },
            {
              "status": "affected",
              "version": "17.6.7"
            },
            {
              "status": "affected",
              "version": "17.7.1"
            },
            {
              "status": "affected",
              "version": "17.10.1"
            },
            {
              "status": "affected",
              "version": "17.10.1b"
            },
            {
              "status": "affected",
              "version": "17.8.1"
            },
            {
              "status": "affected",
              "version": "17.9.1"
            },
            {
              "status": "affected",
              "version": "17.9.2"
            },
            {
              "status": "affected",
              "version": "17.9.3"
            },
            {
              "status": "affected",
              "version": "17.9.4"
            },
            {
              "status": "affected",
              "version": "17.9.5"
            },
            {
              "status": "affected",
              "version": "17.9.4a"
            },
            {
              "status": "affected",
              "version": "17.11.1"
            },
            {
              "status": "affected",
              "version": "17.12.1"
            },
            {
              "status": "affected",
              "version": "17.12.2"
            },
            {
              "status": "affected",
              "version": "17.12.3"
            },
            {
              "status": "affected",
              "version": "17.13.1"
            },
            {
              "status": "affected",
              "version": "17.14.1"
            },
            {
              "status": "affected",
              "version": "17.11.99SW"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device.\r\n\r This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this vulnerability by sending crafted frames to an affected device. A successful exploit could allow the attacker to render the control plane of the affected device unresponsive. The device would not be accessible through the console or CLI, and it would not respond to ping requests, SNMP requests, or requests from other control plane protocols. Traffic that is traversing the device through the data plane is not affected. A reload of the device is required to restore control plane services."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "Integer Overflow or Wraparound",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-07T15:11:22.263Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-vlan-dos-27Pur5RT",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vlan-dos-27Pur5RT"
        }
      ],
      "source": {
        "advisory": "cisco-sa-vlan-dos-27Pur5RT",
        "defects": [
          "CSCwi34160"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20434",
    "datePublished": "2024-09-25T16:29:54.386Z",
    "dateReserved": "2023-11-08T15:08:07.667Z",
    "dateUpdated": "2024-10-07T15:11:22.263Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-13614 (GCVE-0-2024-13614)

Vulnerability from cvelistv5 – Published: 2025-02-06 16:13 – Updated: 2025-02-12 19:51
VLAI
Summary
Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows (Standard, Plus, Premium), Kaspersky Free, Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Security Cloud, Kaspersky Safe Kids, Kaspersky Anti-Ransomware Tool that could allow an authenticated attacker to write data to a limited area outside the allocated kernel memory buffer. The fix was installed automatically for all Kaspersky Endpoint products.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
References
Credits
Florian Schweins
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-13614",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-06T16:34:12.660585Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T19:51:09.532Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Kaspersky Anti-Virus SDK for Windows",
          "vendor": "Kaspersky",
          "versions": [
            {
              "lessThanOrEqual": "8.10.1.1943",
              "status": "affected",
              "version": "8.10.1.1943",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.10.1.1943 CF",
              "status": "affected",
              "version": "8.10.1.1943 CF",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Kaspersky Security for Virtualization Light Agent",
          "vendor": "Kaspersky",
          "versions": [
            {
              "lessThan": "5.2.27.319",
              "status": "affected",
              "version": "5.2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.2.27.319",
              "status": "unknown",
              "version": "5.2.27.319",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Kaspersky Endpoint Security for Windows",
          "vendor": "Kaspersky"
        },
        {
          "defaultStatus": "unknown",
          "product": "Kaspersky Small Office Security",
          "vendor": "Kaspersky"
        },
        {
          "defaultStatus": "unknown",
          "product": "Kaspersky for Windows (Standard, Plus, Premium)",
          "vendor": "Kaspersky"
        },
        {
          "defaultStatus": "unknown",
          "product": "Kaspersky Free",
          "vendor": "Kaspersky"
        },
        {
          "defaultStatus": "unknown",
          "product": "Kaspersky Anti-Virus",
          "vendor": "Kaspersky"
        },
        {
          "defaultStatus": "unknown",
          "product": "Kaspersky Internet Security",
          "vendor": "Kaspersky"
        },
        {
          "defaultStatus": "unknown",
          "product": "Kaspersky Security Cloud",
          "vendor": "Kaspersky"
        },
        {
          "defaultStatus": "unknown",
          "product": "Kaspersky Safe Kids",
          "vendor": "Kaspersky"
        },
        {
          "defaultStatus": "unknown",
          "product": "Kaspersky Anti-Ransomware Tool",
          "vendor": "Kaspersky"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Florian Schweins"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows (Standard, Plus, Premium), Kaspersky Free, Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Security Cloud, Kaspersky Safe Kids, Kaspersky Anti-Ransomware Tool that could allow an authenticated attacker to write data to a limited area outside the allocated kernel memory buffer. The fix was installed automatically for all Kaspersky Endpoint products."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "There have been no recorded attempts to exploit this issue in the wild."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-06T16:16:54.229Z",
        "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "shortName": "Kaspersky"
      },
      "references": [
        {
          "name": "Advisory issued on February 6, 2025",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://support.kaspersky.com/vulnerability/list-of-advisories/12430#060225"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "To fix the vulnerability, upgrade the KAV SDK for Windows to the following version: Kaspersky Anti-Virus Software Development Kit 8 Level 3 v. 8.10.2.2098. Contact your Technical Account Manager to obtain the necessary instructions."
        },
        {
          "lang": "en",
          "value": "Install Kaspersky Security for Virtualization Light Agent 5.2.27.319 (with Kaspersky Security Components Installation Wizard 5.2.1.4005) or newer using the following url: https://www.kaspersky.com/small-to-medium-business-security/downloads/virtualization-hybrid-cloud"
        },
        {
          "lang": "en",
          "value": "The fix was installed automatically for Kaspersky Endpoint Security for Windows. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
        },
        {
          "lang": "en",
          "value": "The fix was installed automatically for Kaspersky Small Office Security. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
        },
        {
          "lang": "en",
          "value": "The fix was installed automatically for Kaspersky for Windows (Standard, Plus, Premium). To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
        },
        {
          "lang": "en",
          "value": "The fix was installed automatically for Kaspersky Free. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
        },
        {
          "lang": "en",
          "value": "The fix was installed automatically for Kaspersky Anti-Virus. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
        },
        {
          "lang": "en",
          "value": "The fix was installed automatically for Kaspersky Internet Security. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
        },
        {
          "lang": "en",
          "value": "The fix was installed automatically for Kaspersky Security Cloud. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
        },
        {
          "lang": "en",
          "value": "The fix was installed automatically for Kaspersky Safe Kids. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
        },
        {
          "lang": "en",
          "value": "The fix was installed automatically for Kaspersky Anti-Ransomware Tool. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-02-06T00:00:00.000Z",
          "value": "Advisory published by Kaspersky"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
    "assignerShortName": "Kaspersky",
    "cveId": "CVE-2024-13614",
    "datePublished": "2025-02-06T16:13:08.173Z",
    "dateReserved": "2025-01-22T06:31:25.425Z",
    "dateUpdated": "2025-02-12T19:51:09.532Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-11347 (GCVE-0-2024-11347)

Vulnerability from cvelistv5 – Published: 2025-02-13 18:55 – Updated: 2025-02-13 19:09
VLAI
Title
Access of Resource Using Incompatible Type in Postscript interpreter
Summary
Integer Overflow or Wraparound vulnerability in Lexmark International CX, XC, CS, et. Al. (Postscript interpreter modules) allows Forced Integer Overflow.The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
Impacted products
Vendor Product Version
Lexmark International CX, XC, CS, et. al. Affected: 0 , ≤ CXTLS.240.076 (custom)
Affected: CXTLS.240.200 , < * (custom)
Affected: 0 , ≤ MXTLS.240.076 (custom)
Affected: MXTLS.240.200 , < * (custom)
Affected: 0 , ≤ CSTLS.240.076 (custom)
Affected: CSTLS.240.200 , < * (custom)
Affected: 0 , ≤ MSNSN.240.042 (custom)
Affected: MSNSN.240.200 , < * (custom)
Affected: 0 , ≤ MSTSN.240.042 (custom)
Affected: MSTSN.240.200 , < * (custom)
Affected: 0 , ≤ MXTSN.240.042 (custom)
Affected: MXTSN.240.200 , < * (custom)
Affected: 0 , ≤ CSNGV.240.042 (custom)
Affected: CSNGV.240.200 , < * (custom)
Affected: 0 , ≤ CSTGV.240.042 (custom)
Affected: CSTGV.240.200 , < * (custom)
Affected: 0 , ≤ CXTGV.240.042 (custom)
Affected: CXTGV.240.200 , < * (custom)
Affected: 0 , ≤ CXTPC.240.042 (custom)
Affected: CXTPC.240.200 , < * (custom)
Affected: 0 , ≤ CSTPC.240.042 (custom)
Affected: CSTPC.240.200 , < * (custom)
Affected: 0 , ≤ MXTCT.240.042 (custom)
Affected: MXTCT.240.200 , < * (custom)
Affected: 0 , ≤ MXTPM.240.042 (custom)
Affected: MXTPM.240.200 , < * (custom)
Affected: 0 , ≤ CXTMM.240.042 (custom)
Affected: CXTMM.240.200 , < * (custom)
Affected: 0 , ≤ CSTMM.240.042 (custom)
Affected: CSTMM.240.200 , < * (custom)
Affected: 0 , ≤ CSTZJ.240.042 (custom)
Affected: CSTZJ.240.200 , < * (custom)
Affected: 0 , ≤ CSNZJ.240.042 (custom)
Affected: CSNZJ.240.200 , < * (custom)
Affected: 0 , ≤ CXTZJ.240.042 (custom)
Affected: CXTZJ.240.200 , < * (custom)
Affected: 0 , ≤ CXNZJ.240.042 (custom)
Affected: CXNZJ.240.200 , < * (custom)
Affected: 0 , ≤ MSNGM.240.042 (custom)
Affected: MSNGM.240.200 , < * (custom)
Affected: 0 , ≤ MSTGM.240.042 (custom)
Affected: MSTGM.240.200 , < * (custom)
Affected: 0 , ≤ MXNGM.240.042 (custom)
Affected: MXNGM.240.200 , < * (custom)
Affected: 0 , ≤ MXTGM.240.042 (custom)
Affected: MXTGM.240.200 , < * (custom)
Affected: 0 , ≤ MSNGW.240.042 (custom)
Affected: MSNGW.240.200 , < * (custom)
Affected: 0 , ≤ MSTGW.240.042 (custom)
Affected: MSTGW.240.200 , < * (custom)
Affected: 0 , ≤ MXTGW.240.042 (custom)
Affected: MXTGW.240.200 , < * (custom)
Affected: 0 , ≤ MSLSG.230.401 (custom)
Affected: 0 , ≤ MXLSG.230.401 (custom)
Affected: 0 , ≤ MSLBD.230.401 (custom)
Affected: 0 , ≤ MXLBD.230.401 (custom)
Affected: 0 , ≤ CSLBN.230.401 (custom)
Affected: 0 , ≤ CSLBL.230.401 (custom)
Affected: 0 , ≤ CXLBN.230.401 (custom)
Affected: 0 , ≤ CXLBL.230.401 (custom)
Affected: 0 , ≤ CXTPP.230.401 (custom)
Affected: 0 , ≤ CSTPP.230.401 (custom)
Affected: 0 , ≤ CSTAT.230.401 (custom)
Affected: 0 , ≤ CXTAT.230.401 (custom)
Affected: 0 , ≤ CSTMH.230.401 (custom)
Affected: 0 , ≤ CXTMH.230.401 (custom)
Affected: 0 , ≤ LW90.TL2.P215 (custom)
Affected: 0 , ≤ LW90.PR2.P215 (custom)
Affected: 0 , ≤ LW90.PR4.P215 (custom)
Affected: 0 , ≤ LW90.SB4.P215 (custom)
Affected: 0 , ≤ LW90.SB7.P215 (custom)
Affected: 0 , ≤ LW90.DN2.P215 (custom)
Affected: 0 , ≤ LW90.DN4.P215 (custom)
Affected: 0 , ≤ LW90.DN7.P215 (custom)
Affected: 0 , ≤ LW90.TU.P215 (custom)
Affected: 0 , ≤ LW90.SA.P215 (custom)
Affected: 0 , ≤ LW90.MG.P215 (custom)
Affected: 0 , ≤ LW90.GM7.P215 (custom)
Affected: 0 , ≤ LW90.GM4.P215 (custom)
Affected: 0 , ≤ LW90.VY4.P215 (custom)
Affected: 0 , ≤ LW80.PRL.P257 (custom)
Affected: 0 , ≤ LW80.SB2.P257 (custom)
Affected: 0 , ≤ LW80.VYL.P257 (custom)
Affected: 0 , ≤ LW80.VY2.P257 (custom)
Affected: 0 , ≤ LW80.GM2.P257 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11347",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-13T19:08:51.804229Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-13T19:09:37.473Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Postscript interpreter"
          ],
          "product": "CX, XC, CS, et. al.",
          "vendor": "Lexmark International",
          "versions": [
            {
              "changes": [
                {
                  "at": "CXTLS.240.077 - CXTLS.240.199",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "CXTLS.240.076",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CXTLS.240.201 and later",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "CXTLS.240.200",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "MXTLS.240.077 - MXTLS.240.199",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "MXTLS.240.076",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "MXTLS.240.201 and later",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "MXTLS.240.200",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CSTLS.240.077 - CSTLS.240.199",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "CSTLS.240.076",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CSTLS.240.201 and later",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "CSTLS.240.200",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "MSNSN.240.043 - MSNSN.240.069",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "MSNSN.240.042",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "MSNSN.240.201 and later",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "MSNSN.240.200",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "MSTSN.240.043 - MSTSN.240.069",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "MSTSN.240.042",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "MSTSN.240.201 and later",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "MSTSN.240.200",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "MXTSN.240.043 - MXTSN.240.069",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "MXTSN.240.042",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "MXTSN.240.201 and later",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "MXTSN.240.200",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CSNGV.240.043 - CSNGV.240.069",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "CSNGV.240.042",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CSNGV.240.201 and later",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "CSNGV.240.200",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CSTGV.240.043 - CSTGV.240.069",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "CSTGV.240.042",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CSTGV.240.201 and later",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "CSTGV.240.200",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CXTGV.240.043 - CXTGV.240.069",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "CXTGV.240.042",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CXTGV.240.201 and later",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "CXTGV.240.200",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CXTPC.240.043 - CXTPC.240.069",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "CXTPC.240.042",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CXTPC.240.201 and later",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "CXTPC.240.200",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CSTPC.240.043 - CSTPC.240.069",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "CSTPC.240.042",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CSTPC.240.201 and later",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "CSTPC.240.200",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "MXTCT.240.043 - MXTCT.240.069",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "MXTCT.240.042",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "MXTCT.240.201 and later",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "MXTCT.240.200",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "MXTPM.240.043-MXTPM.240.069",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "MXTPM.240.042",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "MXTPM.240.201 and later",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "MXTPM.240.200",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CXTMM.240.043-CXTMM.240.069",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "CXTMM.240.042",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CXTMM.240.201 and later",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "CXTMM.240.200",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CSTMM.240.043 - CSTMM.240.069",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "CSTMM.240.042",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CSTMM.240.201 and later",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "CSTMM.240.200",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CSTZJ.240.043 - CSTZJ.240.069",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "CSTZJ.240.042",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CSTZJ.240.201 and later",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "CSTZJ.240.200",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CSNZJ.240.043 - CSNZJ.240.069",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "CSNZJ.240.042",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CSNZJ.240.201 and later",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "CSNZJ.240.200",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CXTZJ.240.043 - CXTZJ.240.069",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "CXTZJ.240.042",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CXTZJ.240.201 and later",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "CXTZJ.240.200",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CXNZJ.240.043 - CXNZJ.240.069",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "CXNZJ.240.042",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CXNZJ.240.201 and later",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "CXNZJ.240.200",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "MSNGM.240.043 - MSNGM.240.069",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "MSNGM.240.042",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "MSNGM.240.201 and later",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "MSNGM.240.200",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "MSTGM.240.043 - MSTGM.240.069",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "MSTGM.240.042",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "MSTGM.240.201 and later",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "MSTGM.240.200",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "MXNGM.240.043 - MXNGM.240.069",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "MXNGM.240.042",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "MXNGM.240.201 and later",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "MXNGM.240.200",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "MXTGM.240.043 - MXTGM.240.069",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "MXTGM.240.042",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "MXTGM.240.201 and later",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "MXTGM.240.200",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "MSNGW.240.043 - MSNGW.240.069",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "MSNGW.240.042",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "MSNGW.240.201 and later",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "MSNGW.240.200",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "MSTGW.240.043 - MSTGW.240.069",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "MSTGW.240.042",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "MSTGW.240.201 and later",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "MSTGW.240.200",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "MXTGW.240.043 - MXTGW.240.069",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "MXTGW.240.042",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "MXTGW.240.201 and later",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "MXTGW.240.200",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "MSLSG.230.402 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "MSLSG.230.401",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "MXLSG.230.402 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "MXLSG.230.401",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "MSLBD.230.402 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "MSLBD.230.401",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "MXLBD.230.402 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "MXLBD.230.401",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CSLBN.230.402 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "CSLBN.230.401",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CSLBL.230.402 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "CSLBL.230.401",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CXLBN.230.402 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "CXLBN.230.401",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CXLBL.230.402 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "CXLBL.230.401",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CXTPP.230.402 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "CXTPP.230.401",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CSTPP.230.402 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "CSTPP.230.401",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CSTAT.230.402 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "CSTAT.230.401",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CXTAT.230.402 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "CXTAT.230.401",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CSTMH.230.402 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "CSTMH.230.401",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "CXTMH.230.402 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "CXTMH.230.401",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "LW90.TL2.P216 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "LW90.TL2.P215",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "LW90.PR2.P216 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "LW90.PR2.P215",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "LW90.PR4.P216 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "LW90.PR4.P215",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "LW90.SB4.P216 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "LW90.SB4.P215",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "LW90.SB7.P216 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "LW90.SB7.P215",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "LW90.DN2.P216 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "LW90.DN2.P215",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "LW90.DN4.P216 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "LW90.DN4.P215",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "LW90.DN7.P216 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "LW90.DN7.P215",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "LW90.TU.P216 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "LW90.TU.P215",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "LW90.SA.P216 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "LW90.SA.P215",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "LW90.MG.P216 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "LW90.MG.P215",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "LW90.GM7.P216 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "LW90.GM7.P215",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "LW90.GM4.P216 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "LW90.GM4.P215",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "LW90.VY4.P216 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "LW90.VY4.P215",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "LW80.PRL.P258 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "LW80.PRL.P257",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "LW80.SB2.P258 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "LW80.SB2.P257",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "LW80.VYL.P258 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "LW80.VYL.P257",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "LW80.VY2.P258 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "LW80.VY2.P257",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "LW80.GM2.P258 and later",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "LW80.GM2.P257",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Integer Overflow or Wraparound vulnerability in Lexmark International CX, XC, CS, et. Al. (Postscript interpreter modules) allows Forced Integer Overflow.\u003cp\u003eThe vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.\u003c/p\u003e"
            }
          ],
          "value": "Integer Overflow or Wraparound vulnerability in Lexmark International CX, XC, CS, et. Al. (Postscript interpreter modules) allows Forced Integer Overflow.The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-92",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-92 Forced Integer Overflow"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-13T18:55:22.943Z",
        "orgId": "7bc73191-a2b6-4c63-9918-753964601853",
        "shortName": "Lexmark"
      },
      "references": [
        {
          "url": "https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Access of Resource Using Incompatible Type in Postscript interpreter",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Lexmark recommends a firmware update if your device has affected firmware."
            }
          ],
          "value": "Lexmark recommends a firmware update if your device has affected firmware."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7bc73191-a2b6-4c63-9918-753964601853",
    "assignerShortName": "Lexmark",
    "cveId": "CVE-2024-11347",
    "datePublished": "2025-02-13T18:55:22.943Z",
    "dateReserved": "2024-11-18T16:10:43.479Z",
    "dateUpdated": "2025-02-13T19:09:37.473Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-10917 (GCVE-0-2024-10917)

Vulnerability from cvelistv5 – Published: 2024-11-11 16:55 – Updated: 2024-11-12 20:14
VLAI
Title
Eclipse OpenJ9 might return an incorrect value in JNI function GetStringUTFLength
Summary
In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
Impacted products
Vendor Product Version
Eclipse Foundation Open J9 Affected: 0.8.0 , ≤ 0.47.0 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10917",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-12T15:44:26.956117Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-12T20:14:21.838Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Open J9",
          "repo": "https://github.com/eclipse-openj9/openj9",
          "vendor": "Eclipse Foundation",
          "versions": [
            {
              "lessThanOrEqual": "0.47.0",
              "status": "affected",
              "version": "0.8.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters."
            }
          ],
          "value": "In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-11T16:55:11.393Z",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/47"
        },
        {
          "url": "https://github.com/eclipse-openj9/openj9/pull/20362"
        },
        {
          "url": "https://github.com/eclipse-openj9/openj9/releases/tag/openj9-0.48.0"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Eclipse OpenJ9 might return an incorrect value in JNI function GetStringUTFLength",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2024-10917",
    "datePublished": "2024-11-11T16:55:11.393Z",
    "dateReserved": "2024-11-06T09:21:23.318Z",
    "dateUpdated": "2024-11-12T20:14:21.838Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7867 (GCVE-0-2024-7867)

Vulnerability from cvelistv5 – Published: 2024-08-15 20:06 – Updated: 2024-08-16 17:12
VLAI
Title
Integer overflow and divide-by-zero in Xpdf 4.05 due to bogus page box coordinates
Summary
In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Xpdf Xpdf Affected: 0 , ≤ 4.05 (Version)
Create a notification for this product.
xpdfreader xpdf Affected: 0 , ≤ 4.05 (custom)
    cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
xiaobaozidi
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "xpdf",
            "vendor": "xpdfreader",
            "versions": [
              {
                "lessThanOrEqual": "4.05",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7867",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-16T17:08:56.250411Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-16T17:12:21.754Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "all"
          ],
          "product": "Xpdf",
          "vendor": "Xpdf",
          "versions": [
            {
              "lessThanOrEqual": "4.05",
              "status": "affected",
              "version": "0",
              "versionType": "Version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "xiaobaozidi"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero.\u003cbr\u003e"
            }
          ],
          "value": "In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 2.1,
            "baseSeverity": "LOW",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-369",
              "description": "CWE-369 Divide By Zero",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-15T20:06:47.966Z",
        "orgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
        "shortName": "GandC"
      },
      "references": [
        {
          "url": "https://www.xpdfreader.com/security-bug/CVE-2024-7867.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Integer overflow and divide-by-zero in Xpdf 4.05 due to bogus page box coordinates",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
    "assignerShortName": "GandC",
    "cveId": "CVE-2024-7867",
    "datePublished": "2024-08-15T20:06:47.966Z",
    "dateReserved": "2024-08-15T20:00:13.850Z",
    "dateUpdated": "2024-08-16T17:12:21.754Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7488 (GCVE-0-2024-7488)

Vulnerability from cvelistv5 – Published: 2024-12-04 14:03 – Updated: 2026-06-03 11:31
VLAI
Title
Business Logic Error in RestApp Inc.'s Online Ordering System
Summary
Integer Overflow or Wraparound, Improper Validation of Specified Quantity in Input vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks. This issue affects Online Ordering System: 8.2.1. NOTE: Vulnerability fixed in version 8.2.2 and does not exist before 8.2.1.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
Impacted products
Vendor Product Version
RestApp Inc. Online Ordering System Affected: 8.2.1 (custom)
Unaffected: 0 , ≤ 8.2.2 (custom)
Create a notification for this product.
restapp online_ordering_system Affected: 0 , ≤ 04.12.2024 (custom)
    cpe:2.3:a:restapp:online_ordering_system:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Yagiz BILGILI Privia Security Inc.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:restapp:online_ordering_system:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "online_ordering_system",
            "vendor": "restapp",
            "versions": [
              {
                "lessThanOrEqual": "04.12.2024",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7488",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-04T14:31:14.564794Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-190",
                "description": "CWE-190 Integer Overflow or Wraparound",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T14:09:32.523Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Online Ordering System",
          "vendor": "RestApp Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "8.2.1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.2.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Yagiz BILGILI"
        },
        {
          "lang": "en",
          "type": "sponsor",
          "value": "Privia Security Inc."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Integer Overflow or Wraparound, Improper Validation of Specified Quantity in Input vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks.\u003cp\u003e\n\u003c/p\u003e\u003cp\u003eThis issue affects Online Ordering System: 8.2.1. \u003c/p\u003e\u003cp\u003eNOTE: Vulnerability fixed in version 8.2.2 and does not exist before 8.2.1.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "Integer Overflow or Wraparound, Improper Validation of Specified Quantity in Input vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks.\n\n\n\n\n\n\nThis issue affects Online Ordering System: 8.2.1. \n\n\n\nNOTE: Vulnerability fixed in version 8.2.2 and does not exist before 8.2.1."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-128",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-128 Integer Attacks"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-03T11:31:31.362Z",
        "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "shortName": "TR-CERT"
      },
      "references": [
        {
          "tags": [
            "government-resource",
            "broken-link"
          ],
          "url": "https://www.usom.gov.tr/bildirim/tr-24-1877"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-1877"
        }
      ],
      "source": {
        "advisory": "TR-24-1877",
        "defect": [
          "TR-24-1877"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Business Logic Error in RestApp Inc.\u0027s Online Ordering System",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
    "assignerShortName": "TR-CERT",
    "cveId": "CVE-2024-7488",
    "datePublished": "2024-12-04T14:03:49.141Z",
    "dateReserved": "2024-08-05T13:32:43.125Z",
    "dateUpdated": "2026-06-03T11:31:31.362Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-6638 (GCVE-0-2024-6638)

Vulnerability from cvelistv5 – Published: 2024-07-22 19:55 – Updated: 2024-08-01 21:41
VLAI
Title
Integer Overflow Vulnerability Reading TDMS Files in LabVIEW
Summary
An integer overflow vulnerability due to improper input validation when reading TDMS files in LabVIEW may result in an infinite loop. Successful exploitation requires an attacker to provide a user with a specially crafted TDMS file. This vulnerability affects LabVIEW 2024 Q1 and prior versions.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
NI
Impacted products
Vendor Product Version
NI LabVIEW Affected: 0 , ≤ 24.1 (semver)
Create a notification for this product.
ni labview Affected: 0 , ≤ 24.1 (semver)
    cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
James McNally of Wiresmith Technology
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "labview",
            "vendor": "ni",
            "versions": [
              {
                "lessThanOrEqual": "24.1",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6638",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-23T14:13:58.614582Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-23T14:18:20.704Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:41:04.317Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/integer-overflow-vulnerability-reading-tdms-files-in-labview.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "LabVIEW",
          "vendor": "NI",
          "versions": [
            {
              "lessThanOrEqual": "24.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "James McNally of Wiresmith Technology"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn integer overflow vulnerability due to improper input validation when reading TDMS files in LabVIEW may result in an infinite loop.  Successful exploitation requires an attacker to provide a user with a specially crafted TDMS file.  This vulnerability affects LabVIEW 2024 Q1 and prior versions.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "An integer overflow vulnerability due to improper input validation when reading TDMS files in LabVIEW may result in an infinite loop.  Successful exploitation requires an attacker to provide a user with a specially crafted TDMS file.  This vulnerability affects LabVIEW 2024 Q1 and prior versions."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-92",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-92 Forced Integer Overflow"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-22T19:55:23.548Z",
        "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "shortName": "NI"
      },
      "references": [
        {
          "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/integer-overflow-vulnerability-reading-tdms-files-in-labview.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Integer Overflow Vulnerability Reading TDMS Files in LabVIEW",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
    "assignerShortName": "NI",
    "cveId": "CVE-2024-6638",
    "datePublished": "2024-07-22T19:55:23.548Z",
    "dateReserved": "2024-07-09T23:58:45.236Z",
    "dateUpdated": "2024-08-01T21:41:04.317Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-5197 (GCVE-0-2024-5197)

Vulnerability from cvelistv5 – Published: 2024-06-03 13:30 – Updated: 2025-02-13 17:54
VLAI
Title
Integer overflow in libvpx
Summary
There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
Impacted products
Vendor Product Version
Chromium libvpx Affected: 0 , < 1.14.1 (semver)
Create a notification for this product.
chromium libvpx Affected: 0 , < 1.14.1 (semver)
    cpe:2.3:a:chromium:libvpx:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-04-02 10:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:chromium:libvpx:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "libvpx",
            "vendor": "chromium",
            "versions": [
              {
                "lessThan": "1.14.1",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5197",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-03T17:27:56.300102Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T18:02:28.171Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:03:11.058Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://g-issues.chromium.org/issues/332382766"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://chromium.googlesource.com/webm/",
          "defaultStatus": "unaffected",
          "packageName": "libvpx",
          "product": "libvpx",
          "programFiles": [
            "https://chromium.googlesource.com/webm/libvpx/+/refs/heads/main/vpx/src/vpx_image.c"
          ],
          "programRoutines": [
            {
              "name": "vpx_img_alloc()"
            },
            {
              "name": "vpx_img_wrap()"
            }
          ],
          "repo": "https://chromium.googlesource.com",
          "vendor": "Chromium",
          "versions": [
            {
              "lessThan": "1.14.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-04-02T10:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There exists interger overflows in libvpx in versions prior to 1.14.1.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eCalling \u003c/span\u003e\u003ccode\u003evpx_img_alloc()\u003c/code\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;with a large value of the \u003c/span\u003e\u003ccode\u003ed_w\u003c/code\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e, \u003c/span\u003e\u003ccode\u003ed_h\u003c/code\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e, or \u003c/span\u003e\u003ccode\u003ealign\u003c/code\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned \u003c/span\u003e\u003ccode\u003evpx_image_t\u003c/code\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;struct may be invalid.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eCalling \u003c/span\u003e\u003ccode\u003evpx_img_wrap()\u003c/code\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;with a large value of the \u003c/span\u003e\u003ccode\u003ed_w\u003c/code\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e, \u003c/span\u003e\u003ccode\u003ed_h\u003c/code\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e, or \u003c/span\u003e\u003ccode\u003estride_align\u003c/code\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned \u003c/span\u003e\u003ccode\u003evpx_image_t\u003c/code\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;struct may be invalid. We recommend upgrading to version 1.14.1 or beyond\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "There exists interger overflows in libvpx in versions prior to 1.14.1.\u00a0Calling vpx_img_alloc()\u00a0with a large value of the d_w, d_h, or align\u00a0parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t\u00a0struct may be invalid.\u00a0Calling vpx_img_wrap()\u00a0with a large value of the d_w, d_h, or stride_align\u00a0parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t\u00a0struct may be invalid. We recommend upgrading to version 1.14.1 or beyond"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-16T21:05:48.990Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://g-issues.chromium.org/issues/332382766"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00005.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Integer overflow in libvpx",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2024-5197",
    "datePublished": "2024-06-03T13:30:26.925Z",
    "dateReserved": "2024-05-22T09:42:54.906Z",
    "dateUpdated": "2025-02-13T17:54:05.905Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-4453 (GCVE-0-2024-4453)

Vulnerability from cvelistv5 – Published: 2024-05-22 19:18 – Updated: 2025-02-13 17:53
VLAI
Title
GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability
Summary
GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of EXIF metadata. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-23896.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
zdi
Impacted products
Vendor Product Version
GStreamer GStreamer Affected: fc0ef6ede6ceda8c89326b38899d4944a8091f40 and 1.24.0
Create a notification for this product.
Date Public
2024-05-17 23:23
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4453",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-23T15:47:50.864899Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:53:44.604Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:40:47.129Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ZDI-24-467",
            "tags": [
              "x_research-advisory",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-467/"
          },
          {
            "name": "vendor-provided URL",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://gitlab.freedesktop.org/tpm/gstreamer/-/commit/e68eccff103ab0e91e6d77a892f57131b33902f5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00019.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "GStreamer",
          "vendor": "GStreamer",
          "versions": [
            {
              "status": "affected",
              "version": "fc0ef6ede6ceda8c89326b38899d4944a8091f40 and 1.24.0"
            }
          ]
        }
      ],
      "dateAssigned": "2024-05-02T23:34:53.502Z",
      "datePublic": "2024-05-17T23:23:20.302Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the parsing of EXIF metadata. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-23896."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T16:14:07.113Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-24-467",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-467/"
        },
        {
          "name": "vendor-provided URL",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://gitlab.freedesktop.org/tpm/gstreamer/-/commit/e68eccff103ab0e91e6d77a892f57131b33902f5"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00019.html"
        }
      ],
      "source": {
        "lang": "en",
        "value": "MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]"
      },
      "title": "GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2024-4453",
    "datePublished": "2024-05-22T19:18:02.927Z",
    "dateReserved": "2024-05-02T23:34:53.526Z",
    "dateUpdated": "2025-02-13T17:53:35.191Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Requirements

Ensure that all protocols are strictly defined, such that all out-of-bounds behavior can be identified simply, and require strict conformance to the protocol.

Mitigation MIT-3
Requirements

Strategy: Language Selection

  • Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • If possible, choose a language or compiler that performs automatic bounds checking.
Mitigation MIT-4
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid [REF-1482].
  • Use libraries or frameworks that make it easier to handle numbers without unexpected consequences.
  • Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++). [REF-106]
Mitigation MIT-8
Implementation

Strategy: Input Validation

  • Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
  • Use unsigned integers where possible. This makes it easier to perform validation for integer overflows. When signed integers are required, ensure that the range check includes minimum values as well as maximum values.
Mitigation MIT-36
Implementation
  • Understand the programming language's underlying representation and how it interacts with numeric calculation (CWE-681). Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how the language handles numbers that are too large or too small for its underlying representation. [REF-7]
  • Also be careful to account for 32-bit, 64-bit, and other potential differences that may affect the numeric representation.
Mitigation MIT-15
Architecture and Design

For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.

Mitigation MIT-26
Implementation

Strategy: Compilation or Build Hardening

Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system.

CAPEC-92: Forced Integer Overflow

This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.