CVE-2024-33900

Опубликовано: 20 мая 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover cleartext credentials via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.

Ссылки

https://gist.github.com/Fastor01/30c6d89c842feb1865ec2cd2d3806838
Exploit
https://github.com/keepassxreboot/keepassxc/issues/10784
Issue Tracking
https://keepassxc.org/blog/
Release Notes
https://keepassxc.org/blog/2019-02-21-memory-security/
Product
https://gist.github.com/Fastor01/30c6d89c842feb1865ec2cd2d3806838
Exploit
https://github.com/keepassxreboot/keepassxc/issues/10784
Issue Tracking
https://keepassxc.org/blog/
Release Notes
https://keepassxc.org/blog/2019-02-21-memory-security/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:keepassxc:keepassxc:2.7.7:*:*:*:*:*:*:*

EPSS

Процентиль: 32%

0.00127

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-316

Связанные уязвимости

CVE-2024-33900

CVSS3: 6.5

ubuntu

больше 1 года назад

CVE-2024-33900

CVSS3: 6.5

debian

больше 1 года назад

KeePassXC 2.7.7 allows an attacker (who has the privileges of the vict ...

GHSA-c45j-7735-f4r2

CVSS3: 6.5

github

больше 1 года назад

KeePassXC 2.7.7 allows attackers to recover cleartext credentials.

EPSS

Процентиль: 32%

0.00127

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-316