Description
Veilid before 0.1.9 does not check the size of uncompressed data during decompression upon an envelope receipt, which allows remote attackers to cause a denial of service (out-of-memory abort) via crafted packet data, as exploited in the wild in August 2023.
References
- Release Notes
- Release Notes
Vulnerable configurations
Configuration 1: versions before 0.1.9 (exclusive)
cpe:2.3:a:veilid:veilid:*:*:*:*:*:*:*:*
EPSS: 0.00182 (Low), percentile: 40%
CVSS3: 7.5 High
Weaknesses
CWE-787
Related vulnerabilities
CVSS3: 7.5
github
more than 2 years ago
Veilid before 0.1.9 does not check the size of uncompressed data during decompression upon an envelope receipt, which allows remote attackers to cause a denial of service (out-of-memory abort) via crafted packet data, as exploited in the wild in August 2023.