In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible arbitrary XML injection due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Configurations
No configuration.
History
16 Aug 2024, 14:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-91 CWE-190 |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.7 |
Summary |
|
15 Aug 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-15 22:15
Updated : 2024-08-19 13:00
NVD link : CVE-2024-34740
Mitre link : CVE-2024-34740
CVE.ORG link : CVE-2024-34740
JSON object : View
Products Affected
No product.