CVE-2024-4227

Jan. 15, 2025, 8:15 a.m.

7.5
High

Description

In Genivia gSOAP with a specific configuration an unauthenticated remote attacker can generate a high CPU load when forcing to parse an XML having duplicate ID attributes which can lead to a DoS.

Product(s) Impacted

Product Versions
gSOAP
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-834
Excessive Iteration
The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.

References

https://sourceforge.net/p/gsoap2/code/HEAD/tree/changelog.md
https://www.genivia.com/advisory.html#Upgrade_recommendation_when_option_-c++11_is_used_to_generate_C++11_source_code

Tags

info@cert.vde.com
CWE-834
2025-01-15
CVE-2024-4227

CVSS Score

7.5 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

    • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    View Vector String

Timeline

Published: Jan. 15, 2025, 8:15 a.m.
Last Modified: Jan. 15, 2025, 8:15 a.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

info@cert.vde.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.