CVE-2024-33901

Опубликовано: 20 мая 2024

Источник: nvd

CVSS3: 6.5

EPSS Средний

Описание

Issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover some passwords stored in the .kdbx database via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.

Ссылки

https://gist.github.com/Fastor01/30c6d89c842feb1865ec2cd2d3806838
Exploit
https://github.com/keepassxreboot/keepassxc/issues/10784
Issue Tracking
https://keepassxc.org/blog/
Release Notes
https://keepassxc.org/blog/2019-02-21-memory-security/
Product
https://gist.github.com/Fastor01/30c6d89c842feb1865ec2cd2d3806838
Exploit
https://github.com/keepassxreboot/keepassxc/issues/10784
Issue Tracking
https://keepassxc.org/blog/
Release Notes
https://keepassxc.org/blog/2019-02-21-memory-security/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:keepassxc:keepassxc:2.7.7:*:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.21786

Средний

6.5 Medium

CVSS3

Дефекты

CWE-316

Связанные уязвимости

CVE-2024-33901

CVSS3: 6.5

ubuntu

больше 1 года назад

CVE-2024-33901

CVSS3: 6.5

debian

больше 1 года назад

Issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of ...

GHSA-g437-xqhv-c7mq

CVSS3: 6.5

github

больше 1 года назад

Issue in KeePassXC 2.7.7 allows an attacker to recover some passwords stored in the .kdbx database.

EPSS

Процентиль: 96%

0.21786

Средний

6.5 Medium

CVSS3

Дефекты

CWE-316