Lucene search

MitreCVE-2024-23085

HistoryApr 08, 2024 - 8:15 p.m.

CVE-2024-23085

2024-04-0820:15:08

CWE-690

mitre

web.nvd.nist.gov

cve-2024-23085

nvd

org.apfloat.internal.doublescramble

nullpointerexception

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

High

EPSS

Percentile

15.5%

JSON

Apfloat v1.10.1 was discovered to contain a NullPointerException via the component org.apfloat.internal.DoubleScramble::scramble(double[], int, int[]). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.

References

apfloat.com

gist.github.com/LLM4IG/a4a54fc4abe044976a66af9fffedfc94

github.com/mtommila/apfloat

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

High

EPSS

Percentile

15.5%

JSON

Related for CVE-2024-23085