1 vulnerability by ouch-org
CVE-2024-13941 (GCVE-0-2024-13941)
Vulnerability from cvelistv5 – Published: 2025-04-01 21:00 – Updated: 2025-04-02 14:09
Title
ouch-org ouch zip.rs convert_zip_date_time memory corruption
Summary
A vulnerability was found in ouch-org ouch up to 0.3.1. It has been classified as critical, although the CVSS scores recorded in this entry rate it Medium (5.3 under CVSS 3.1 and 3.0, 4.8 under CVSS 4.0). This affects the function ouch::archive::zip::convert_zip_date_time in the file zip.rs. Manipulating the month argument leads to memory corruption. The attack requires local access. The exploit has been publicly disclosed and may be used. Upgrading to version 0.4.0 addresses this issue, and upgrading the affected component is recommended.
Severity
5.3 (Medium)
5.3 (Medium)
CWE
- CWE-119 - Memory Corruption
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.302055 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.302055 | signature, permissions-required |
| https://vuldb.com/?submit.524511 | third-party-advisory |
| https://github.com/ouch-org/ouch/issues/707 | issue-tracking |
| https://github.com/rustsec/advisory-db/pull/2084/files | issue-tracking |
| https://github.com/user-attachments/files/16767988/ouch.crash.report.docx | exploit |
| https://github.com/ouch-org/ouch/releases/tag/0.4.0 | patch |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13941",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T13:59:16.710875Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T14:09:03.706Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/ouch-org/ouch/issues/707"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ouch",
"vendor": "ouch-org",
"versions": [
{
"status": "affected",
"version": "0.3.0"
},
{
"status": "affected",
"version": "0.3.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yewan (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ouch-org ouch up to 0.3.1. It has been classified as critical. This affects the function ouch::archive::zip::convert_zip_date_time of the file zip.rs. The manipulation of the argument month leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 0.4.0 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in ouch-org ouch bis 0.3.1 ausgemacht. Sie wurde als kritisch eingestuft. Es betrifft die Funktion ouch::archive::zip::convert_zip_date_time der Datei zip.rs. Mittels Manipulieren des Arguments month mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 0.4.0 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T21:00:12.923Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-302055 | ouch-org ouch zip.rs convert_zip_date_time memory corruption",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.302055"
},
{
"name": "VDB-302055 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.302055"
},
{
"name": "Submit #524511 | ouch-org ouch 0.3.1 Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.524511"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/ouch-org/ouch/issues/707"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/rustsec/advisory-db/pull/2084/files"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/user-attachments/files/16767988/ouch.crash.report.docx"
},
{
"tags": [
"patch"
],
"url": "https://github.com/ouch-org/ouch/releases/tag/0.4.0"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-30T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-30T20:04:20.000Z",
"value": "VulDB entry last update"
}
],
"title": "ouch-org ouch zip.rs convert_zip_date_time memory corruption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-13941",
"datePublished": "2025-04-01T21:00:12.923Z",
"dateReserved": "2025-03-30T17:58:15.284Z",
"dateUpdated": "2025-04-02T14:09:03.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}