CVE-2024-30249

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-30249
Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to `1.0.0.CR1-20240330.101522-15` impacts publicly accessible software depending on the affected versions of Network and allows an attacker to use Network as an amplification vector for a UDP denial of service attack against a third party or as an attempt to trigger service suspension of the host. All consumers of the library should upgrade to at least version `1.0.0.CR1-20240330.101522-15` to receive a fix. There are no known workarounds beyond updating the library.

8.6 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://github.com/CloudburstMC/Network/security/advisories/GHSA-6h3m-c6fv-8hvh
https://github.com/CloudburstMC/Network/security/advisories/GHSA-6h3m-c6fv-8hvh
Configurations

No configuration.

History

21 Nov 2024, 09:11

Type Values Removed Values Added
Summary
  • (es) Cloudburst Network proporciona componentes de red utilizados en proyectos de Cloudburst. Una vulnerabilidad en versiones anteriores a `1.0.0.CR1-20240330.101522-15` afecta el software de acceso público según las versiones afectadas de la red y permite a un atacante usar la red como vector de amplificación para un ataque de denegación de servicio UDP contra un tercero. o como un intento de provocar la suspensión del servicio del anfitrión. Todos los consumidores de la librería deben actualizar al menos a la versión `1.0.0.CR1-20240330.101522-15` para recibir una solución. No se conocen workarounds más allá de actualizar la librería.
References () https://github.com/CloudburstMC/Network/security/advisories/GHSA-6h3m-c6fv-8hvh - () https://github.com/CloudburstMC/Network/security/advisories/GHSA-6h3m-c6fv-8hvh -

04 Apr 2024, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-04 19:15

Updated : 2024-11-21 09:11

NVD link : CVE-2024-30249

Mitre link : CVE-2024-30249

CVE.ORG link : CVE-2024-30249

JSON object : View

Products Affected

No product.

CWE
CWE-770

Allocation of Resources Without Limits or Throttling


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024