Description
An integer underflow during deserialization may allow any unauthenticated user to read out-of-bounds heap memory. This may result in secret data, or pointers revealing the layout of the address space, being included in a deserialized data structure, which may potentially lead to thread crashes or cause denial-of-service conditions.
References
- Patch
- Exploit, Vendor Advisory
- Issue Tracking, Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 0.10.5 (exclusive)
cpe:2.3:a:eclipse:cyclone_data_distribution_service:*:*:*:*:*:*:*:*
EPSS: 0.01078 (Low), percentile: 77%
CVSS3: 9.1 Critical
Weaknesses
CWE-191
Related vulnerabilities
CVSS3: 9.1
ubuntu
11 months ago
An integer underflow during deserialization may allow any unauthenticated user to read out-of-bounds heap memory. This may result in secret data, or pointers revealing the layout of the address space, being included in a deserialized data structure, which may potentially lead to thread crashes or cause denial-of-service conditions.