CVE-2024-25407

SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service (DoS) by using the predicted transaction ID's to terminate other transactions.
References
Link Resource
https://github.com/steve-community/steve/issues/1296 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:steve_project:steve:3.6.0:*:*:*:*:*:*:*

History

16 Oct 2024, 19:41

Type Values Removed Values Added
References () https://github.com/steve-community/steve/issues/1296 - () https://github.com/steve-community/steve/issues/1296 - Issue Tracking, Vendor Advisory
CPE cpe:2.3:a:steve_project:steve:3.6.0:*:*:*:*:*:*:*
First Time Steve Project
Steve Project steve
CWE CWE-331
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5

13 Feb 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-13 01:15

Updated : 2024-10-16 19:41


NVD link : CVE-2024-25407

Mitre link : CVE-2024-25407

CVE.ORG link : CVE-2024-25407


JSON object : View

Products Affected

steve_project

  • steve
CWE
CWE-331

Insufficient Entropy