CVE-2024-24425
https://notcve.org/view.php?id=CVE-2024-24425
Magma v1.8.0 and OAI EPC Federation v1.20 were discovered to contain an out-of-bounds read in the amf_as_establish_req function at /tasks/amf/amf_as.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. • https://cellularsecurity.org/ransacked https://github.com/OPENAIRINTERFACE/openair-epc-fed https://github.com/magma/magma • CWE-125: Out-of-bounds Read •
CVE-2024-24446
https://notcve.org/view.php?id=CVE-2024-24446
An uninitialized pointer dereference in OpenAirInterface CN5G AMF up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted InitialContextSetupResponse message sent to the AMF. • https://cellularsecurity.org/ransacked https://openairinterface.org • CWE-476: NULL Pointer Dereference •
CVE-2024-52524 – ReDoS in Giskard Scan text perturbation
https://notcve.org/view.php?id=CVE-2024-52524
When processing datasets with specific text patterns with Giskard detectors, this vulnerability could trigger exponential regex evaluation times, potentially leading to denial of service. • https://github.com/Giskard-AI/giskard/commit/48ce81f5c626171767188d6f0669498fb613b4d3 https://github.com/Giskard-AI/giskard/security/advisories/GHSA-pjwm-cr36-mwv3 • CWE-1333: Inefficient Regular Expression Complexity •
CVE-2024-3447 – Qemu: sdhci: heap buffer overflow in sdhci_write_dataport()
https://notcve.org/view.php?id=CVE-2024-3447
A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. • https://access.redhat.com/security/cve/CVE-2024-3447 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58813 https://bugzilla.redhat.com/show_bug.cgi?id=2274123 https://patchew.org/QEMU/20240404085549.16987-1-philmd@linaro.org • CWE-122: Heap-based Buffer Overflow •
CVE-2024-2550 – PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway Using a Specially Crafted Packet
https://notcve.org/view.php?id=CVE-2024-2550
A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by sending a specially crafted packet that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode. Una vulnerabilidad de desreferencia de puntero nulo en la puerta de enlace GlobalProtect del software PAN-OS de Palo Alto Networks permite que un atacante no autenticado detenga el servicio GlobalProtect en el firewall mediante el envío de un paquete especialmente manipulado que provoca una condición de denegación de servicio (DoS). Los intentos repetidos de activar esta condición hacen que el firewall entre en modo de mantenimiento. • https://security.paloaltonetworks.com/CVE-2024-2550 • CWE-476: NULL Pointer Dereference •