NotCVE-2023-0002

NotCVE-2023-0002 - Buffer overflow in NVD Tools

Date	Vendor	Attack Vector	Impact
2023-11-21	Meta	Network	Availability

CWE	CVSS 3.1	EPSS (30-day Exploit Prob.)
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')	7.5	0.1 %

Description
A buffer overflow leading to a denial of service has been found in the NVD Tools, a collection of tools for working with National Vulnerability Database feeds.

Vendor	Product	Version	Package Name
Meta	NVD Tools	-	-

Discoverer(s)/Credits
Lucas Tesson - pandatix

Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC-100: Overflow Buffers

References
https://github.com/facebookincubator/nvdtools https://github.com/facebookincubator/nvdtools/pull/201/commits/81447a60e831223814cc146df3bb172dfd4d52f8

Exploitability Metrics

Attack Vector	Attack Complexity	Privileges Required	User Interaction	Scope
Network	Low	None	None	Unchanged

Impact Metrics

Confidentiality Impact	Integrity Impact	Availability Impact
None	None	High