Lucene search

INCIBECVE-2024-0581

HistoryJan 16, 2024 - 2:15 p.m.

CVE-2024-0581

2024-01-1614:15:49

CWE-400

INCIBE

web.nvd.nist.gov

sandsprite scdbg.exe

vulnerability

resource consumption

cve-2024-0581

security

malware

shellcode

shutdown

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.4

Confidence

High

EPSS

Percentile

9.0%

JSON

An Uncontrolled Resource Consumption vulnerability has been found on Sandsprite Scdbg.exe, affecting version 1.0. This vulnerability allows an attacker to send a specially crafted shellcode payload to the ‘/foff’ parameter and cause an application shutdown. A malware program could use this shellcode sequence to shut down the application and evade the scan.

Affected configurations

Nvd

Vulners

Node

sandspritescdbgMatch1.0

VendorProductVersionCPE
sandspritescdbg1.0cpe:2.3:a:sandsprite:scdbg:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sandsprite	scdbg	1.0	cpe:2.3:a:sandsprite:scdbg:1.0:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Scdbg",
    "vendor": "Sandsprite",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/uncontrolled-resource-consumption-vulnerability-sandsprite-scdbg

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.4

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-0581