Common Weakness Enumeration

CWE-755

Discouraged

Improper Handling of Exceptional Conditions

Abstraction: Class · Status: Incomplete

The product does not handle or incorrectly handles an exceptional condition.

687 vulnerabilities reference this CWE, most recent first.

GHSA-6GW8-36PW-G34W

Vulnerability from github – Published: 2024-01-09 18:30 – Updated: 2024-01-09 18:30
VLAI
Details

Windows Hyper-V Denial of Service Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-20699"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-09T18:15:53Z",
    "severity": "MODERATE"
  },
  "details": "Windows Hyper-V Denial of Service Vulnerability",
  "id": "GHSA-6gw8-36pw-g34w",
  "modified": "2024-01-09T18:30:29Z",
  "published": "2024-01-09T18:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20699"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20699"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6H9G-8WHP-24PX

Vulnerability from github – Published: 2022-05-13 01:45 – Updated: 2022-05-13 01:45
VLAI
Details

A vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process unexpectedly restarts. This vulnerability affects Cisco Firepower System Software prior to the first fixed release when it is configured with an SSL Decrypt-Resign policy. More Information: CSCvb62292. Known Affected Releases: 6.0.1 6.1.0 6.2.0. Known Fixed Releases: 6.2.0 6.1.0.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-3887"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-07T17:59:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process unexpectedly restarts. This vulnerability affects Cisco Firepower System Software prior to the first fixed release when it is configured with an SSL Decrypt-Resign policy. More Information: CSCvb62292. Known Affected Releases: 6.0.1 6.1.0 6.2.0. Known Fixed Releases: 6.2.0 6.1.0.2.",
  "id": "GHSA-6h9g-8whp-24px",
  "modified": "2022-05-13T01:45:57Z",
  "published": "2022-05-13T01:45:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3887"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97453"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6HVF-XVWM-VRW4

Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2023-08-01 18:26
VLAI
Summary
XMLTooling Library Incorrectly Handles Some Exceptions
Details

The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.opensaml:xmltooling"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-9628"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-18T23:18:21Z",
    "nvd_published_at": "2019-04-11T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.",
  "id": "GHSA-6hvf-xvwm-vrw4",
  "modified": "2023-08-01T18:26:15Z",
  "published": "2022-05-13T01:02:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9628"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1819912"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20190611-0003"
    },
    {
      "type": "WEB",
      "url": "https://shibboleth.net/community/advisories/secadv_20190311.txt"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3921-1"
    },
    {
      "type": "WEB",
      "url": "https://wiki.shibboleth.net/confluence/display/SP3/SecurityAdvisories"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00079.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00095.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "XMLTooling Library Incorrectly Handles Some Exceptions",
  "withdrawn": "2023-08-01T18:26:15Z"
}

GHSA-6Q57-2QF7-PX5P

Vulnerability from github – Published: 2025-04-09 21:31 – Updated: 2025-04-09 21:31
VLAI
Details

An Improper Handling of Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker executing a CLI command to cause a Denial of Service (DoS).

When asregex-optimized is configured and a specific "show route as-path" CLI command is executed, the rpd crashes and restarts. Repeated execution of this command will cause a sustained DoS condition. This issue affects Junos OS:

  • All versions before 21.2R3-S9,
  • from 21.4 before 21.4R3-S10,
  • from 22.2 before 22.2R3-S6,
  • from 22.4 before 22.4R3-S6,
  • from 23.2 before 23.2R2-S3,
  • from 23.4 before 23.4R2-S4,
  • from 24.2 before 24.2R2.

and Junos OS Evolved: * All versions before 21.2R3-S9-EVO, * from 21.4-EVO before 21.4R3-S10-EVO, * from 22.2-EVO before 22.2R3-S6-EVO, * from 22.4-EVO before 22.4R3-S6-EVO, * from 23.2-EVO before 23.2R2-S3-EVO, * from 23.4-EVO before 23.4R2-S4-EVO, * from 24.2-EVO before 24.2R2-EVO.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-30652"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-09T20:15:28Z",
    "severity": "MODERATE"
  },
  "details": "An Improper Handling of Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker executing a CLI command to cause a Denial of Service (DoS).\n\nWhen\u00a0asregex-optimized is configured and a specific \"show route as-path\"\u00a0CLI command  is executed, the rpd crashes and restarts. Repeated execution of this command will cause a sustained DoS condition.\nThis issue affects Junos OS: \n\n\n  *  All versions before 21.2R3-S9, \n  *  from 21.4 before 21.4R3-S10, \n  *  from 22.2 before 22.2R3-S6, \n  *  from 22.4 before 22.4R3-S6, \n  *  from 23.2 before 23.2R2-S3, \n  *  from 23.4 before 23.4R2-S4, \n  *  from 24.2 before 24.2R2.\n\n\n\nand Junos OS Evolved: \n  *  All versions before 21.2R3-S9-EVO, \n  *  from 21.4-EVO before 21.4R3-S10-EVO, \n  *  from 22.2-EVO before 22.2R3-S6-EVO, \n  *  from 22.4-EVO before 22.4R3-S6-EVO, \n  *  from 23.2-EVO before 23.2R2-S3-EVO, \n  *  from 23.4-EVO before 23.4R2-S4-EVO, \n  *  from 24.2-EVO before 24.2R2-EVO.",
  "id": "GHSA-6q57-2qf7-px5p",
  "modified": "2025-04-09T21:31:43Z",
  "published": "2025-04-09T21:31:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30652"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA96462"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-6Q8J-VVJQ-VHJC

Vulnerability from github – Published: 2023-07-14 18:31 – Updated: 2024-04-04 06:08
VLAI
Details

An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series allows an unauthenticated network-based attacker to send specific packets to an Aggregated Multiservices (AMS) interface on the device, causing the packet forwarding engine (PFE) to crash, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.

This issue is only triggered by packets destined to a local-interface via a service-interface (AMS). AMS is only supported on the MS-MPC, MS-MIC, and MX-SPC3 cards. This issue is not experienced on other types of interfaces or configurations. Additionally, transit traffic does not trigger this issue.

This issue affects Juniper Networks Junos OS on MX Series: All versions prior to 19.1R3-S10; 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S12; 20.2 versions prior to 20.2R3-S8; 20.4 versions prior to 20.4R3-S7; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S5; 21.3 versions prior to 21.3R3-S4; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S2; 22.2 versions prior to 22.2R3; 22.3 versions prior to 22.3R2-S1, 22.3R3; 22.4 versions prior to 22.4R1-S2, 22.4R2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-36832"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-14T16:15:14Z",
    "severity": "HIGH"
  },
  "details": "An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series allows an unauthenticated network-based attacker to send specific packets to an Aggregated Multiservices (AMS) interface on the device, causing the packet forwarding engine (PFE) to crash, resulting in a Denial of Service (DoS).  Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\nThis issue is only triggered by packets destined to a local-interface via a service-interface (AMS).  AMS is only supported on the MS-MPC, MS-MIC, and MX-SPC3 cards.  This issue is not experienced on other types of interfaces or configurations.  Additionally, transit traffic does not trigger this issue.\n\nThis issue affects Juniper Networks Junos OS on MX Series:\nAll versions prior to 19.1R3-S10;\n19.2 versions prior to 19.2R3-S7;\n19.3 versions prior to 19.3R3-S8;\n19.4 versions prior to 19.4R3-S12;\n20.2 versions prior to 20.2R3-S8;\n20.4 versions prior to 20.4R3-S7;\n21.1 versions prior to 21.1R3-S5;\n21.2 versions prior to 21.2R3-S5;\n21.3 versions prior to 21.3R3-S4;\n21.4 versions prior to 21.4R3-S3;\n22.1 versions prior to 22.1R3-S2;\n22.2 versions prior to 22.2R3;\n22.3 versions prior to 22.3R2-S1, 22.3R3;\n22.4 versions prior to 22.4R1-S2, 22.4R2.\n",
  "id": "GHSA-6q8j-vvjq-vhjc",
  "modified": "2024-04-04T06:08:22Z",
  "published": "2023-07-14T18:31:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36832"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA71639"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6RM7-87PC-2JW9

Vulnerability from github – Published: 2022-05-05 00:29 – Updated: 2023-10-23 15:30
VLAI
Details

Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssl_outgoing_ciphers not being applied to STARTTLS connections

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2013-4584"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-15T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssl_outgoing_ciphers not being applied to STARTTLS connections",
  "id": "GHSA-6rm7-87pc-2jw9",
  "modified": "2023-10-23T15:30:22Z",
  "published": "2022-05-05T00:29:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4584"
    },
    {
      "type": "WEB",
      "url": "https://github.com/horms/perdition/commit/62a0ce94aeb7dd99155882956ce9e327ab914ddf"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/cve-2013-4584"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89184"
    },
    {
      "type": "WEB",
      "url": "https://security-tracker.debian.org/tracker/CVE-2013-4584"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2013/11/15/6"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/63696"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6V6C-5W6V-23MC

Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2024-04-04 02:18
VLAI
Details

An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1339.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-1342"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-10T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka \u0027Windows Error Reporting Manager Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1315, CVE-2019-1339.",
  "id": "GHSA-6v6c-5w6v-23mc",
  "modified": "2024-04-04T02:18:34Z",
  "published": "2022-05-24T16:58:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1342"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1342"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6VWM-P7VV-6MCX

Vulnerability from github – Published: 2022-05-24 17:15 – Updated: 2022-07-11 00:00
VLAI
Details

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10.0 (MTK chipsets) software. The MTK kernel does not properly implement exception handling, allowing an attacker to gain privileges. The LG ID is LVE-SMP-200001 (February 2020).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-11875"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-17T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10.0 (MTK chipsets) software. The MTK kernel does not properly implement exception handling, allowing an attacker to gain privileges. The LG ID is LVE-SMP-200001 (February 2020).",
  "id": "GHSA-6vwm-p7vv-6mcx",
  "modified": "2022-07-11T00:00:25Z",
  "published": "2022-05-24T17:15:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11875"
    },
    {
      "type": "WEB",
      "url": "https://cwe.mitre.org/data/definitions/755.html"
    },
    {
      "type": "WEB",
      "url": "https://lgsecurity.lge.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6W3V-8X64-R348

Vulnerability from github – Published: 2024-04-12 15:37 – Updated: 2025-05-19 12:30
VLAI
Details

An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS on MX Series allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS).

In a scaled subscriber scenario when specific low privileged commands, received over NETCONF, SSH or telnet, are handled by cosd on behalf of mgd, the respective child management daemon (mgd) processes will get stuck. In case of (Netconf over) SSH this leads to stuck SSH sessions, so that when the connection-limit for SSH is reached new sessions can't be established anymore. A similar behavior will be seen for telnet etc.

Stuck mgd processes can be monitored by executing the following command:

user@host> show system processes extensive | match mgd | match sbwait

This issue affects Juniper Networks Junos OS on MX Series: All versions earlier than 20.4R3-S9; 21.2 versions earlier than 21.2R3-S7; 21.3 versions earlier than 21.3R3-S5; 21.4 versions earlier than 21.4R3-S5; 22.1 versions earlier than 22.1R3-S4; 22.2 versions earlier than 22.2R3-S3; 22.3 versions earlier than 22.3R3-S2; 22.4 versions earlier than 22.4R3; 23.2 versions earlier than 23.2R1-S2, 23.2R2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-21610"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-12T15:15:23Z",
    "severity": "MODERATE"
  },
  "details": "An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS on MX Series allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS).\n\nIn a scaled subscriber scenario when specific low privileged commands, received over NETCONF, SSH or telnet, are handled by cosd on behalf of mgd, the respective child management daemon (mgd) processes will get stuck. In case of (Netconf over) SSH this leads to stuck SSH sessions, so that when the connection-limit for SSH is reached new sessions can\u0027t be established anymore. A similar behavior will be seen for telnet etc.\n\nStuck mgd processes can be monitored by executing the following command:\n\n\u00a0 user@host\u003e show system processes extensive | match mgd | match sbwait\n\nThis issue affects Juniper Networks Junos OS on MX Series:\nAll versions earlier than 20.4R3-S9;\n21.2 versions earlier than 21.2R3-S7;\n21.3 versions earlier than 21.3R3-S5;\n21.4 versions earlier than 21.4R3-S5;\n22.1 versions earlier than 22.1R3-S4;\n22.2 versions earlier than 22.2R3-S3;\n22.3 versions earlier than 22.3R3-S2;\n22.4 versions earlier than 22.4R3;\n23.2 versions earlier than 23.2R1-S2, 23.2R2.",
  "id": "GHSA-6w3v-8x64-r348",
  "modified": "2025-05-19T12:30:33Z",
  "published": "2024-04-12T15:37:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21610"
    },
    {
      "type": "WEB",
      "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
    },
    {
      "type": "WEB",
      "url": "http://supportportal.juniper.net/JSA75751"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-72R7-J93F-VRW2

Vulnerability from github – Published: 2023-06-06 00:30 – Updated: 2024-04-04 04:32
VLAI
Details

On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-24510"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-05T22:15:11Z",
    "severity": "HIGH"
  },
  "details": "On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart.",
  "id": "GHSA-72r7-j93f-vrw2",
  "modified": "2024-04-04T04:32:33Z",
  "published": "2023-06-06T00:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24510"
    },
    {
      "type": "WEB",
      "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17445-security-advisory-0087"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.