CVE-2024-48924 – MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow
https://notcve.org/view.php?id=CVE-2024-48924
### Impact When this library is used to deserialize messagepack data from an untrusted source, there is a risk of a denial of service attack by an attacker that sends data contrived to produce hash collisions, leading to large CPU consumption disproportionate to the size of the data being deserialized. This is similar to [a prior advisory](https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf), which provided an inadequate fix for the hash collision part of the vulnerability. ### Patches The following steps are required to mitigate this risk. 1. Upgrade to a version of the library where a fix is available. 1. ... Override the `GetHashCollisionResistantEqualityComparer<T>` method to provide a collision-resistant hash function of your own and avoid calling `base.GetHashCollisionResistantEqualityComparer<T>()`. 3. Configure a `MessagePackSerializerOptions` with an instance of your derived type by calling `WithSecurity` on an existing options object. 4. ... This may be by setting the `MessagePackSerializer.DefaultOptions` static property, if you call methods that rely on this default property, and/or by passing in the options object explicitly to any `Deserialize` method. ### References - Learn more about best security practices when reading untrusted data with [MessagePack 1.x](https://github.com/MessagePack-CSharp/MessagePack-CSharp/tree/v1.x#security) or [MessagePack 2.x](https://github.com/MessagePack-CSharp/MessagePack-CSharp#security). - The .NET team's [discussion on hash collision vulnerabilities of their `HashCode` struct](https://github.com/GrabYourPitchforks/runtime/blob/threat_models/docs/design/security/System.HashCode.md). ### For more information If you have any questions or comments about this advisory: * [Start a public discussion](https://github.com/MessagePack-CSharp/MessagePack-CSharp/discussions) * [Email us privately](mailto:andrewarnott@live.com) • https://github.com/MessagePack-CSharp/MessagePack-CSharp/commit/8e599af0798b45008f8b293a7f233e4878f11ed5 https://github.com/MessagePack-CSharp/MessagePack-CSharp/commit/f8d40b3ad0be01c6e56cb51ecea81f59d98c192d https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-4qm4-8hg2-g2xm • CWE-328: Use of Weak Hash •
CVE-2024-47459 – Substance3D - Sampler | NULL Pointer Dereference (CWE-476)
https://notcve.org/view.php?id=CVE-2024-47459
Substance3D - Sampler versions 4.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS) condition. An attacker could exploit this vulnerability to crash the application, resulting in a DoS. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/substance3d-sampler/apsb24-65.html • CWE-476: NULL Pointer Dereference •
CVE-2023-6729 – Nokia SR OS: File Access Security Vulnerability
https://notcve.org/view.php?id=CVE-2023-6729
This type of attack can lead to a compromise or denial of service of the router after the system is rebooted. • https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-6729 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2024-3187
https://notcve.org/view.php?id=CVE-2024-3187
These are caused by JST values not being nulled when freed during parsing of JST templates. ... This may lead to memory corruption, potentially causing a Denial of Service (DoS) or, in rare cases, code execution, though the latter is highly context-dependent. Este problema se debe a dos vulnerabilidades CWE-416 de Use After Free (UAF) y una vulnerabilidad CWE-415 de doble liberación en las versiones de Goahead anteriores a la 6.0.0. ... Esto puede provocar una corrupción de la memoria, lo que puede provocar una denegación de servicio (DoS) o, en casos excepcionales, la ejecución de código, aunque esto último depende en gran medida del contexto. • https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-3187 • CWE-415: Double Free CWE-416: Use After Free •
CVE-2024-3186
https://notcve.org/view.php?id=CVE-2024-3186
CWE-476 NULL Pointer Dereference vulnerability in the evalExpr() function of GoAhead Web Server (version <= 6.0.0) when compiled with the ME_GOAHEAD_JAVASCRIPT flag. This vulnerability allows a remote attacker with the privileges to modify JavaScript template (JST) files to trigger a crash and cause a Denial of Service (DoS) by providing malicious templates. ... Esta vulnerabilidad permite que un atacante remoto con privilegios para modificar archivos de plantilla de JavaScript (JST) provoque un bloqueo y provoque una denegación de servicio (DoS) al proporcionar plantillas maliciosas. • https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-3186 • CWE-476: NULL Pointer Dereference •