From b0a63b6cc48cd4d3d68ce115f27c00a821773798 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sun, 30 Jun 2024 22:03:22 +0000
Subject: [PATCH] Auto-Update: 2024-06-30T22:00:29.861382+00:00
---
 CVE-2024/CVE-2024-347xx/CVE-2024-34703.json | 68 +++++++++++++++++++++
 README.md | 15 ++---
 _state.csv | 13 ++--
 3 files changed, 80 insertions(+), 16 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-347xx/CVE-2024-34703.json
diff --git a/CVE-2024/CVE-2024-347xx/CVE-2024-34703.json b/CVE-2024/CVE-2024-347xx/CVE-2024-34703.json
new file mode 100644
index 00000000000..a34573e0271
--- /dev/null
+++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34703.json
@@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-34703", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-06-30T21:15:02.053", + "lastModified": "2024-06-30T21:15:02.053", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. The proof of concept used a 16Kbit prime for this purpose. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at most 521 bits. No known workarounds are available. Note that support for explicit encoding of elliptic curve parameters is deprecated in Botan.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-405" + }, + { + "lang": "en", + "value": "CWE-770" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/randombit/botan/commit/08c404b23740babee1f6aa51b54e966029aadee4", + "source": "security-advisories@github.com" + }, + { + "url": 
"https://github.com/randombit/botan/commit/94e9154c143aa5264da6254a6a1be5bc66ee2b5a", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/randombit/botan/security/advisories/GHSA-w4g2-7m2h-7xj7", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index bbd03d8764d..042e8a29807 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-06-30T20:00:44.918095+00:00 +2024-06-30T22:00:29.861382+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-06-30T19:15:02.233000+00:00 +2024-06-30T21:15:02.053000+00:00 ``` ### Last Data Feed Release @@ -33,19 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -255513 +255514 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` +Recently added CVEs: `1` -- [CVE-2023-50952](CVE-2023/CVE-2023-509xx/CVE-2023-50952.json) (`2024-06-30T18:15:02.733`) -- [CVE-2023-50953](CVE-2023/CVE-2023-509xx/CVE-2023-50953.json) (`2024-06-30T18:15:02.970`) -- [CVE-2023-50964](CVE-2023/CVE-2023-509xx/CVE-2023-50964.json) (`2024-06-30T19:15:02.007`) -- [CVE-2024-28794](CVE-2024/CVE-2024-287xx/CVE-2024-28794.json) (`2024-06-30T19:15:02.233`) -- [CVE-2024-28797](CVE-2024/CVE-2024-287xx/CVE-2024-28797.json) (`2024-06-30T18:15:03.480`) -- [CVE-2024-31898](CVE-2024/CVE-2024-318xx/CVE-2024-31898.json) (`2024-06-30T18:15:03.693`) +- [CVE-2024-34703](CVE-2024/CVE-2024-347xx/CVE-2024-34703.json) (`2024-06-30T21:15:02.053`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 06d77234fe0..da02e85784e 100644 --- a/_state.csv +++ b/_state.csv 
@@ -237352,8 +237352,8 @@ CVE-2023-50948,0,0,3c02519a72037dff711d5ee48432aa7f2b5638da69466874289b5ec8a9701 CVE-2023-50949,0,0,05099c94caa797bc55ec09b8ff46351e2b7dda33262efba30ca113b16d3acf90,2024-04-12T12:44:04.930000 CVE-2023-50950,0,0,dfea2c60bf930725232ee8dec76ee1dc7db647db5a23e4d3c95d00ce14c241f2,2024-01-24T19:42:29.450000 CVE-2023-50951,0,0,ac9a2ba6b69cc6219b314f88f75f8d16d80977a7838c8861bc4cc4a5a90b32d2,2024-02-20T19:50:53.960000 -CVE-2023-50952,1,1,214157c0c9dc9e309d6f0a4359b410b3ce0dadd6acd5fd4462de91fe9605c594,2024-06-30T18:15:02.733000 -CVE-2023-50953,1,1,6f1dd2b712dca3790293e891ea7b3c19d9bc58239f13f04e90aad630ba8c903b,2024-06-30T18:15:02.970000 +CVE-2023-50952,0,0,214157c0c9dc9e309d6f0a4359b410b3ce0dadd6acd5fd4462de91fe9605c594,2024-06-30T18:15:02.733000 +CVE-2023-50953,0,0,6f1dd2b712dca3790293e891ea7b3c19d9bc58239f13f04e90aad630ba8c903b,2024-06-30T18:15:02.970000 CVE-2023-50954,0,0,cd28b9f2a6eb84f79dffe7b3ed168d5a7dc92dd5eba345b0866635e9f903a3aa,2024-06-30T17:15:02.470000 CVE-2023-50955,0,0,2dac25424bb634048955c93e845cd595a5737c34f7a73119031e8a018fd0e20a,2024-02-22T19:07:27.197000 CVE-2023-50957,0,0,a38d290def706a6975d8b2902c3d1f58a6074172158e1685b40a6a512f9caf13,2024-02-15T04:37:53.297000 
@@ -237362,7 +237362,7 @@ CVE-2023-5096,0,0,1b0896fcd5a16a2bfc5ce288684748ddee835572b804e4af539b42517b79d3 CVE-2023-50961,0,0,d711d4a9d8ad627716324633a649c2a8b70ff648c86857e4b94f3b50216da091,2024-03-27T15:49:51.300000 CVE-2023-50962,0,0,365daa63183eee3bc8e35da897e2163d0fc458ef66adb39b8eb249f4c8a968ff,2024-02-12T14:31:36.920000 CVE-2023-50963,0,0,f8ab53d3916fdeb747721dbad810b91a4d8cca1f3447b9dedd0b7a0a236caf08,2024-01-24T21:22:22.293000 -CVE-2023-50964,1,1,8e9c38aa40e1bbdd98bdb4dea21478d59ddc547ce681076c9051314b28c5c9af,2024-06-30T19:15:02.007000 +CVE-2023-50964,0,0,8e9c38aa40e1bbdd98bdb4dea21478d59ddc547ce681076c9051314b28c5c9af,2024-06-30T19:15:02.007000 CVE-2023-50965,0,0,7d1de52a11bce456c4c16ef773b97b5e53898c75617739b3525f486b2a63242b,2023-12-20T20:02:23.497000 CVE-2023-50966,0,0,a6b32088d0a5d6ef9a7d587370f326ae2061a7a42b121ce18c85e023136aaec3,2024-03-19T16:33:58.680000 CVE-2023-50967,0,0,bb1533384c54817eac919409a9c4a4f7b98f5730662b59bf4ce17ad616d7daee,2024-04-19T23:15:09.330000 
@@ -247983,9 +247983,9 @@ CVE-2024-28784,0,0,c979b0334a0081e1847a4bc955e67dbbc0397aed136c4d3aa1b489c4f3f26 CVE-2024-28787,0,0,466884053e2fb97771b0b18e87658d91d7f6894823937327962bdc9b1ecfdc33,2024-04-04T19:24:50.670000 CVE-2024-2879,0,0,b3cb63a21efa9503ae3e8fbd2c3fbecce8466a6f50871d6397f8e38479a77e62,2024-04-08T22:49:41.533000 CVE-2024-28793,0,0,0971b91b249c500bf4e72fc37951e1fea5132a60c7834326b93f07f92baebfb6,2024-06-10T18:15:29.983000 -CVE-2024-28794,1,1,fea3931f90b9f84cf4c733c8b13103f1c0ea3743e99a2912dcf009b5c0fcff09,2024-06-30T19:15:02.233000 +CVE-2024-28794,0,0,fea3931f90b9f84cf4c733c8b13103f1c0ea3743e99a2912dcf009b5c0fcff09,2024-06-30T19:15:02.233000 CVE-2024-28795,0,0,cdcc3ce008679975bf496c8bd14b637e1ba080c5295dbaca41aef374af5c9d06,2024-06-30T16:15:02.987000 -CVE-2024-28797,1,1,cb656ca0fb48c752719361d8d555f4dcc2a45188759fd6cb1344b5a0a55b05dd,2024-06-30T18:15:03.480000 +CVE-2024-28797,0,0,cb656ca0fb48c752719361d8d555f4dcc2a45188759fd6cb1344b5a0a55b05dd,2024-06-30T18:15:03.480000 CVE-2024-28798,0,0,3ed41b05d7d28d830091bb6df2fa27e3e32bb2a125c831d0251b397ac1a3e5a2,2024-06-30T17:15:02.720000 CVE-2024-28815,0,0,e7bdcd0ac6977f9c059dbb312ad54d9a388fdc8f6a137aa4ed5f32fc20fa20fd,2024-04-30T07:15:48.897000 CVE-2024-28816,0,0,4b9f923b99f4095b32672af0003c81bae1f3b3136774827600fae7accfedcfe3,2024-03-11T12:47:42.653000 
@@ -250018,7 +250018,7 @@ CVE-2024-31890,0,0,eda850bb7869648d895763435641ab97f0cfe4aeba8f677c829b9f47f4e39 CVE-2024-31893,0,0,12d01c628fd750c0cbf441575efefbf394d1654280d687a3cb134821594970b6,2024-05-24T01:15:30.977000 CVE-2024-31894,0,0,5d58af989adc88e1f21decb4e4b73370061e14ed54479d7579f2f2b5b7332e1e,2024-05-24T01:15:30.977000 CVE-2024-31895,0,0,38db7df97417d61bcac3e1b48b52fd0d409c4088497b5231955dcf460bac575b,2024-05-24T01:15:30.977000 -CVE-2024-31898,1,1,33566edd39449d6937cfe890ae696f9e487e7e051ba641cc870b458befd5ee22,2024-06-30T18:15:03.693000 +CVE-2024-31898,0,0,33566edd39449d6937cfe890ae696f9e487e7e051ba641cc870b458befd5ee22,2024-06-30T18:15:03.693000 CVE-2024-3190,0,0,c17e9142af04bd9f9561cc561aacffdced5eb94e572636fb91c22838cccaf428,2024-05-30T13:15:41.297000 CVE-2024-31902,0,0,1157e96c42fe5e1f6cd50b8a219a0e329afeecd891787c4e2cd01170b9e9df82,2024-06-30T17:15:02.923000 CVE-2024-31904,0,0,f581f8d898f5db4b0367557c06fa4b666380cc23610e816c03e35138e889ca3c,2024-05-24T01:15:30.977000 @@ -251750,6 +251750,7 @@ CVE-2024-34698,0,0,10e59d69dc4df1155204551f8483405755bab4be109bdea52b3a75e369d53 CVE-2024-34699,0,0,25f405235bcdebbbdbdc15ae858e3622caf3e07dac211b82cab5ea59f42ec719,2024-05-14T16:12:23.490000 CVE-2024-3470,0,0,736c8b21abac392de8987478bb4430873353b2c43829321b68bed57cd49a65ed,2024-04-19T16:19:49.043000 CVE-2024-34701,0,0,5a8c02ffa2fcadb317d10fc6ec8b451b4dcf3f6eab6c63ebf616f401a02dac46,2024-05-14T16:12:23.490000 +CVE-2024-34703,1,1,5ad2e6f5e34e2f6fd45700d7306c9c5e8b06f592b7ba43c13c397477c4dda22d,2024-06-30T21:15:02.053000 CVE-2024-34704,0,0,48d6359679289248ce803dfb7b75c17011aaace7b08a8c9d1fc68e47f081bf3e,2024-05-14T16:12:23.490000 CVE-2024-34706,0,0,4726580e4aef314a5fbec04fe3b48a640bc06fa468e915ceb8e4adce9150430f,2024-05-14T16:12:23.490000 CVE-2024-34707,0,0,4ed4d85a391d834d7fb079efda0834353a1979685e57868a3cb454f56a7390b7,2024-05-14T16:12:23.490000