Vulnerability-Lookup

WID-SEC-W-2025-1562

Vulnerability from csaf_certbund - Published: 2025-07-15 22:00 - Updated: 2025-07-15 22:00

Summary

Oracle Utilities Applications: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Oracle Utilities Applications ist eine Produktfamilie mit branchenspezifischen Lösungen für Ver- und Entsorger.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Utilities Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme

- Linux - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle Utilities Applications ist eine Produktfamilie mit branchenspezifischen L\u00f6sungen f\u00fcr Ver- und Entsorger.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Utilities Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1562 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1562.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1562 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1562"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - July 2025 - Appendix Oracle Utilities Applications vom 2025-07-15",
        "url": "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixUTIL"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Utilities Applications: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-07-15T22:00:00.000+00:00",
      "generator": {
        "date": "2025-07-16T08:31:55.973+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-1562",
      "initial_release_date": "2025-07-15T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-07-15T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "4.4.0.0.0",
                "product": {
                  "name": "Oracle Utilities Applications 4.4.0.0.0",
                  "product_id": "T045398",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:utilities:4.4.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "4.4.0.2.0",
                "product": {
                  "name": "Oracle Utilities Applications 4.4.0.2.0",
                  "product_id": "T045399",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:utilities:4.4.0.2.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "4.4.0.3.0",
                "product": {
                  "name": "Oracle Utilities Applications 4.4.0.3.0",
                  "product_id": "T045400",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:utilities:4.4.0.3.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "4.5.0.0.0",
                "product": {
                  "name": "Oracle Utilities Applications 4.5.0.0.0",
                  "product_id": "T045401",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:utilities:4.5.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "4.5.0.1.1",
                "product": {
                  "name": "Oracle Utilities Applications 4.5.0.1.1",
                  "product_id": "T045402",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:utilities:4.5.0.1.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "4.5.0.1.3",
                "product": {
                  "name": "Oracle Utilities Applications 4.5.0.1.3",
                  "product_id": "T045403",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:utilities:4.5.0.1.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=24.3.0.0.0",
                "product": {
                  "name": "Oracle Utilities Applications \u003c=24.3.0.0.0",
                  "product_id": "T045404"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=24.3.0.0.0",
                "product": {
                  "name": "Oracle Utilities Applications \u003c=24.3.0.0.0",
                  "product_id": "T045404-fixed"
                }
              },
              {
                "category": "product_version",
                "name": "25.4",
                "product": {
                  "name": "Oracle Utilities Applications 25.4",
                  "product_id": "T045405",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:utilities:25.4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.0.0.0.0",
                "product": {
                  "name": "Oracle Utilities Applications 7.0.0.0.0",
                  "product_id": "T045406",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:utilities:7.0.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.0.0.1.0",
                "product": {
                  "name": "Oracle Utilities Applications 7.0.0.1.0",
                  "product_id": "T045407",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:utilities:7.0.0.1.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "2.5.0.1.15",
                "product": {
                  "name": "Oracle Utilities Applications 2.5.0.1.15",
                  "product_id": "T045408",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:utilities:2.5.0.1.15"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "2.5.0.2.9",
                "product": {
                  "name": "Oracle Utilities Applications 2.5.0.2.9",
                  "product_id": "T045409",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:utilities:2.5.0.2.9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "2.6.0.1.7",
                "product": {
                  "name": "Oracle Utilities Applications 2.6.0.1.7",
                  "product_id": "T045410",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:utilities:2.6.0.1.7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "2.6.0.2.2",
                "product": {
                  "name": "Oracle Utilities Applications 2.6.0.2.2",
                  "product_id": "T045411",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:utilities:2.6.0.2.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "4.3.0.6.0",
                "product": {
                  "name": "Oracle Utilities Applications 4.3.0.6.0",
                  "product_id": "T045412",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:utilities:4.3.0.6.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "2.5.0.2.8",
                "product": {
                  "name": "Oracle Utilities Applications 2.5.0.2.8",
                  "product_id": "T045413",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:utilities:2.5.0.2.8"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Utilities Applications"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-47554",
      "product_status": {
        "known_affected": [
          "T045409",
          "T045402",
          "T045413",
          "T045401",
          "T045412",
          "T045403",
          "T045406",
          "T045405",
          "T045408",
          "T045407",
          "T045398",
          "T045400",
          "T045411",
          "T045399",
          "T045410"
        ],
        "last_affected": [
          "T045404"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2024-47554"
    },
    {
      "cve": "CVE-2024-57699",
      "product_status": {
        "known_affected": [
          "T045409",
          "T045402",
          "T045413",
          "T045401",
          "T045412",
          "T045403",
          "T045406",
          "T045405",
          "T045408",
          "T045407",
          "T045398",
          "T045400",
          "T045411",
          "T045399",
          "T045410"
        ],
        "last_affected": [
          "T045404"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2024-57699"
    },
    {
      "cve": "CVE-2024-7254",
      "product_status": {
        "known_affected": [
          "T045409",
          "T045402",
          "T045413",
          "T045401",
          "T045412",
          "T045403",
          "T045406",
          "T045405",
          "T045408",
          "T045407",
          "T045398",
          "T045400",
          "T045411",
          "T045399",
          "T045410"
        ],
        "last_affected": [
          "T045404"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2024-7254"
    },
    {
      "cve": "CVE-2025-24970",
      "product_status": {
        "known_affected": [
          "T045409",
          "T045402",
          "T045413",
          "T045401",
          "T045412",
          "T045403",
          "T045406",
          "T045405",
          "T045408",
          "T045407",
          "T045398",
          "T045400",
          "T045411",
          "T045399",
          "T045410"
        ],
        "last_affected": [
          "T045404"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2025-24970"
    },
    {
      "cve": "CVE-2025-26791",
      "product_status": {
        "known_affected": [
          "T045409",
          "T045402",
          "T045413",
          "T045401",
          "T045412",
          "T045403",
          "T045406",
          "T045405",
          "T045408",
          "T045407",
          "T045398",
          "T045400",
          "T045411",
          "T045399",
          "T045410"
        ],
        "last_affected": [
          "T045404"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2025-26791"
    },
    {
      "cve": "CVE-2025-48988",
      "product_status": {
        "known_affected": [
          "T045409",
          "T045402",
          "T045413",
          "T045401",
          "T045412",
          "T045403",
          "T045406",
          "T045405",
          "T045408",
          "T045407",
          "T045398",
          "T045400",
          "T045411",
          "T045399",
          "T045410"
        ],
        "last_affected": [
          "T045404"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2025-48988"
    }
  ]
}

CVE-2025-48988 (GCVE-0-2025-48988)

Vulnerability from cvelistv5 – Published: 2025-06-16 14:13 – Updated: 2025-11-03 20:05

Title

Apache Tomcat: FileUpload large number of parts with headers DoS

Summary

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

Severity ?

No CVSS data available.

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

apache

References

URL

Tags

https://lists.apache.org/thread/nzkqsok8t42qofgqf…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Tomcat	Affected: 11.0.0-M1 , ≤ 11.0.7 (semver) Affected: 10.1.0-M1 , ≤ 10.1.41 (semver) Affected: 9.0.0.M1 , ≤ 9.0.105 (semver) Affected: 8.5.0 , ≤ 8.5.100 (semver) Unknown: 6 , < 8.5.0 (semver) Unknown: 10.0.0-M1 , ≤ 10.0.27 (semver)

Credits

TERASOLUNA Framework Security Team of NTT DATA Group Corporation

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:05:03.939Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/06/16/1"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-48988",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-17T18:20:54.922006Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-17T18:21:45.236Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "11.0.7",
              "status": "affected",
              "version": "11.0.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.1.41",
              "status": "affected",
              "version": "10.1.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.0.105",
              "status": "affected",
              "version": "9.0.0.M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.100",
              "status": "affected",
              "version": "8.5.0",
              "versionType": "semver"
            },
            {
              "lessThan": "8.5.0",
              "status": "unknown",
              "version": "6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.0.27",
              "status": "unknown",
              "version": "10.0.0-M1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "TERASOLUNA Framework Security Team of NTT DATA Group Corporation"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAllocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\u003cbr\u003eThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.\u003c/p\u003e"
            }
          ],
          "value": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-29T11:45:39.382Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/nzkqsok8t42qofgqfmck536mtyzygp18"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Tomcat: FileUpload large number of parts with headers DoS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-48988",
    "datePublished": "2025-06-16T14:13:40.457Z",
    "dateReserved": "2025-05-29T15:24:32.685Z",
    "dateUpdated": "2025-11-03T20:05:03.939Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-57699 (GCVE-0-2024-57699)

Vulnerability from cvelistv5 – Published: 2025-02-05 00:00 – Updated: 2025-02-06 15:15

Summary

A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’{’, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

Assigner

mitre

References

URL

Tags

	https://nvd.nist.gov/vuln/detail/cve-2023-1370
	https://github.com/TurtleLiu/Vul_PoC/tree/main/CV…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-57699",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-06T15:14:00.482073Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-674",
                "description": "CWE-674 Uncontrolled Recursion",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-06T15:15:17.536Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of \u2019{\u2019, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-05T21:38:33.811Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/cve-2023-1370"
        },
        {
          "url": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-57699",
    "datePublished": "2025-02-05T00:00:00.000Z",
    "dateReserved": "2025-01-09T00:00:00.000Z",
    "dateUpdated": "2025-02-06T15:15:17.536Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7254 (GCVE-0-2024-7254)

Vulnerability from cvelistv5 – Published: 2024-09-19 00:18 – Updated: 2025-09-08 09:37

Title

Stack overflow in Protocol Buffers Java Lite

Summary

Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.

Severity ?

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CWE

CWE-400 - Uncontrolled Resource Consumption
CWE-674 - Uncontrolled Recursion

Assigner

Google

References

URL

Tags

https://github.com/protocolbuffers/protobuf/commi…

Impacted products

Vendor

Product

Version

Google

Protocol Buffers

Affected: 0 , < 28.2 (custom)

Google	protobuf-java	Affected: 0 , < 3.25.5 (custom) Affected: 0 , < 4.27.5 (custom) Affected: 0 , < 4.28.2 (custom)
Google	protobuf-javalite	Affected: 0 , < 3.25.5 (custom) Affected: 0 , < 4.27.5 (custom) Affected: 0 , < 4.28.2 (custom)
Google	protobuf-kotlin	Affected: 0 , < 3.25.5 (custom) Affected: 0 , < 4.27.5 (custom) Affected: 0 , < 4.28.2 (custom)
Google	protobuf-kotllin-lite	Affected: 0 , < 3.25.5 (custom) Affected: 0 , < 4.27.5 (custom) Affected: 0 , < 4.28.2 (custom)
Google	google-protobuf [JRuby Gem]	Affected: 0 , < 3.25.5 (custom) Affected: 0 , < 4.27.5 (custom) Affected: 0 , < 4.28.2 (custom)

Credits

Alexis Challande, Trail of Bits Ecosystem Security Team <ecosystem@trailofbits.com>

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:google:protobuf:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "protobuf",
            "vendor": "google",
            "versions": [
              {
                "lessThan": "28.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:google:google-protobuf:*:*:*:*:*:ruby:*:*",
              "cpe:2.3:a:google:protobuf-java:*:*:*:*:*:*:*:*",
              "cpe:2.3:a:google:protobuf-javalite:*:*:*:*:*:*:*:*",
              "cpe:2.3:a:google:protobuf-kotlin:*:*:*:*:*:*:*:*",
              "cpe:2.3:a:google:protobuf-kotlin-lite:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "protobuf-kotlin-lite",
            "vendor": "google",
            "versions": [
              {
                "lessThan": "3.25.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.27.5",
                "status": "affected",
                "version": "4.27",
                "versionType": "custom"
              },
              {
                "lessThan": "4.28.2",
                "status": "affected",
                "version": "4.28",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7254",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-19T14:29:43.468555Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-19T14:46:14.517Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-04-19T00:11:07.841Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20241213-0010/"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250418-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Protocol Buffers",
          "repo": "https://github.com/protocolbuffers/protobuf",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "28.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "collectionURL": "https://mvnrepository.com/artifact/com.google.protobuf/protobuf-java",
          "defaultStatus": "unaffected",
          "product": "protobuf-java",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "3.25.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.27.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.28.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "protobuf-javalite",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "3.25.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.27.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.28.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "protobuf-kotlin",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "3.25.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.27.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.28.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "protobuf-kotllin-lite",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "3.25.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.27.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.28.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "collectionURL": "https://rubygems.org/gems/google-protobuf",
          "defaultStatus": "unaffected",
          "product": "google-protobuf [JRuby Gem]",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "3.25.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.27.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.28.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Alexis Challande, Trail of Bits Ecosystem Security Team \u003cecosystem@trailofbits.com\u003e"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAny project that parses untrusted Protocol Buffers data\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;containing an arbitrary number of nested \u003c/span\u003e\u003ccode\u003egroup\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003es / series of \u003c/span\u003e\u003ccode\u003eSGROUP\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;tags can corrupted by exceeding the stack limit i.e. StackOverflow. \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003eParsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "Any project that parses untrusted Protocol Buffers data\u00a0containing an arbitrary number of nested groups / series of SGROUP\u00a0tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674 Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-08T09:37:53.702Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Stack overflow in Protocol Buffers Java Lite",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2024-7254",
    "datePublished": "2024-09-19T00:18:45.824Z",
    "dateReserved": "2024-07-29T21:41:56.116Z",
    "dateUpdated": "2025-09-08T09:37:53.702Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-47554 (GCVE-0-2024-47554)

Vulnerability from cvelistv5 – Published: 2024-10-03 11:32 – Updated: 2025-01-31 15:02

Title

Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader

Summary

Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.

Severity ?

No CVSS data available.

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

apache

References

URL

Tags

https://lists.apache.org/thread/6ozr91rr9cj5lm0zy…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Commons IO	Affected: 2.0 , < 2.14.0 (semver)

Credits

CodeQL

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-47554",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T13:00:56.326970Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T15:03:37.949Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-01-31T15:02:47.229Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/10/03/2"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250131-0010/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "commons-io:commons-io",
          "product": "Apache Commons IO",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "2.14.0",
              "status": "affected",
              "version": "2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "tool",
          "value": "CodeQL"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUncontrolled Resource Consumption vulnerability in Apache Commons IO.\u003c/p\u003e\u003cp\u003eThe org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Apache Commons IO: from 2.0 before 2.14.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 2.14.0 or later, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Uncontrolled Resource Consumption vulnerability in Apache Commons IO.\n\nThe org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.\n\n\nThis issue affects Apache Commons IO: from 2.0 before 2.14.0.\n\nUsers are recommended to upgrade to version 2.14.0 or later, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-03T11:32:48.936Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-47554",
    "datePublished": "2024-10-03T11:32:48.936Z",
    "dateReserved": "2024-09-26T16:12:46.116Z",
    "dateUpdated": "2025-01-31T15:02:47.229Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-26791 (GCVE-0-2025-26791)

Vulnerability from cvelistv5 – Published: 2025-02-14 00:00 – Updated: 2025-02-14 15:30

Summary

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).

Severity ?

4.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Assigner

mitre

References

URL

Tags

	https://github.com/cure53/DOMPurify/releases/tag/3.2.4
	https://github.com/cure53/DOMPurify/commit/d18ffc…
	https://nsysean.github.io/posts/dompurify-323-bypass/
	https://ensy.zip/posts/dompurify-323-bypass/

Impacted products

	Vendor	Product	Version
	Cure53	DOMPurify	Affected: 0 , < 3.2.4 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-26791",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-14T15:30:30.796687Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-14T15:30:49.790Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://ensy.zip/posts/dompurify-323-bypass/"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "DOMPurify",
          "vendor": "Cure53",
          "versions": [
            {
              "lessThan": "3.2.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:cure53:dompurify:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "3.2.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-14T08:21:32.805Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/cure53/DOMPurify/releases/tag/3.2.4"
        },
        {
          "url": "https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02"
        },
        {
          "url": "https://nsysean.github.io/posts/dompurify-323-bypass/"
        },
        {
          "url": "https://ensy.zip/posts/dompurify-323-bypass/"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-26791",
    "datePublished": "2025-02-14T00:00:00.000Z",
    "dateReserved": "2025-02-14T00:00:00.000Z",
    "dateUpdated": "2025-02-14T15:30:49.790Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24970 (GCVE-0-2025-24970)

Vulnerability from cvelistv5 – Published: 2025-02-10 21:57 – Updated: 2025-04-16 15:37

Title

SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine

Summary

Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-20 - Improper Input Validation

Assigner

GitHub_M

References

URL

Tags

	https://github.com/netty/netty/security/advisorie…	x_refsource_CONFIRM
	https://github.com/netty/netty/commit/87f40725155…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	netty	netty	Affected: >= 4.1.91.Final, <= 4.1.117.Final

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24970",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T15:30:54.865019Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T15:31:38.061Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-04-16T15:37:17.191Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250221-0005/"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2025-24970-netty-vulnerability-detection"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2025-24970-netty-vulnerability-mitigation"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "netty",
          "vendor": "netty",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.1.91.Final, \u003c= 4.1.117.Final"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn\u0027t correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-10T21:57:28.730Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw"
        },
        {
          "name": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4"
        }
      ],
      "source": {
        "advisory": "GHSA-4g8c-wm8x-jfhw",
        "discovery": "UNKNOWN"
      },
      "title": "SslHandler doesn\u0027t correctly validate packets which can lead to native crash when using native SSLEngine"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-24970",
    "datePublished": "2025-02-10T21:57:28.730Z",
    "dateReserved": "2025-01-29T15:18:03.210Z",
    "dateUpdated": "2025-04-16T15:37:17.191Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2025-1562

CVE-2025-48988 (GCVE-0-2025-48988)

CVE-2024-57699 (GCVE-0-2024-57699)

CVE-2024-7254 (GCVE-0-2024-7254)

CVE-2024-47554 (GCVE-0-2024-47554)

CVE-2025-26791 (GCVE-0-2025-26791)

CVE-2025-24970 (GCVE-0-2025-24970)

Tags

Sightings

Nomenclature