mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
64 lines
2.5 KiB
JSON
64 lines
2.5 KiB
JSON
{
|
|
"id": "CVE-2024-35333",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2024-05-29T16:15:11.000",
|
|
"lastModified": "2024-11-21T09:20:08.757",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A stack-buffer-overflow vulnerability exists in the read_charset_decl function of html2xhtml 1.3. This vulnerability occurs due to improper bounds checking when copying data into a fixed-size stack buffer. An attacker can exploit this vulnerability by providing a specially crafted input to the vulnerable function, causing a buffer overflow and potentially leading to arbitrary code execution, denial of service, or data corruption."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Existe una vulnerabilidad de desbordamiento del b\u00fafer de pila en la funci\u00f3n read_charset_decl de html2xhtml 1.3. Esta vulnerabilidad se produce debido a una comprobaci\u00f3n de los l\u00edmites inadecuada al copiar datos en un b\u00fafer de pila de tama\u00f1o fijo. Un atacante puede aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada para la funci\u00f3n vulnerable, lo que provoca un desbordamiento del b\u00fafer y potencialmente conduce a la ejecuci\u00f3n de c\u00f3digo arbitrario, denegaci\u00f3n de servicio o corrupci\u00f3n de datos."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"baseScore": 8.4,
|
|
"baseSeverity": "HIGH",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 2.5,
|
|
"impactScore": 5.9
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-121"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://github.com/momo1239/CVE-2024-35333",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://github.com/momo1239/CVE-2024-35333",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
}
|
|
]
|
|
} |