CVE-2024-10838

12 Mar 2025

Título es
CVE-2024-10838

Mié, 12/03/2025 – 13:15

Tipo
CWE-191

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-10838

Descripción en
An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. This may result into secret data or pointers revealing the layout of the address space to be included into a deserialized data structure, which may potentially lead to thread crashes or cause denial of service conditions.

12/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Gravedad 4.0
8.80

Gravedad 4.0 txt
HIGH

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

https://github.com/eclipse-cyclonedds/cyclonedds/releases/tag/0.10.5

https://github.com/eclipse-cyclonedds/cyclonedds/security/advisories/GHSA-6jj6-w25p-jc42

https://gitlab.eclipse.org/security/cve-assignement/-/issues/46

Enviar en el boletín
Off