CVE-2023-29487

An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service (DoS) via the Threat To Process Correlation threat prevention module. NOTE: Heimdal asserts this is not a valid vulnerability. Their DNS Security for Endpoint solution includes an optional feature to provide extra information on the originating process that made a DNS request. The lack of process identification in DNS logs is therefore falsely categorized as a DoS issue.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:heimdalsecurity:thor:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:heimdalsecurity:thor:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

History

25 Sep 2024, 20:15

Type Values Removed Values Added
Summary (en) An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service (DoS) via the Threat To Process Correlation threat prevention module. (en) An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service (DoS) via the Threat To Process Correlation threat prevention module. NOTE: Heimdal asserts this is not a valid vulnerability. Their DNS Security for Endpoint solution includes an optional feature to provide extra information on the originating process that made a DNS request. The lack of process identification in DNS logs is therefore falsely categorized as a DoS issue.

04 Jan 2024, 14:36

Type Values Removed Values Added
References () https://medium.com/%40drabek.a/weaknesses-in-heimdal-thors-line-of-products-9d0e5095fb93 - () https://medium.com/%40drabek.a/weaknesses-in-heimdal-thors-line-of-products-9d0e5095fb93 - Exploit, Third Party Advisory
CWE CWE-1333
CPE cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:a:heimdalsecurity:thor:*:*:*:*:*:*:*:*
First Time Heimdalsecurity thor
Apple
Heimdalsecurity
Microsoft windows
Apple macos
Microsoft
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.1

21 Dec 2023, 02:24

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-21 01:15

Updated : 2024-09-25 20:15


NVD link : CVE-2023-29487

Mitre link : CVE-2023-29487

CVE.ORG link : CVE-2023-29487


JSON object : View

Products Affected

apple

  • macos

microsoft

  • windows

heimdalsecurity

  • thor
CWE
CWE-1333

Inefficient Regular Expression Complexity