Lucene search

INCIBECVELIST:CVE-2024-0338

HistoryFeb 02, 2024 - 9:13 a.m.

CVE-2024-0338 Buffer Overflow Vulnerability in XAMPP

2024-02-0209:13:40

CWE-119

INCIBE

www.cve.org

xampp

buffer overflow

vulnerability

version 8.2.4

arbitrary code

structured exception handler

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.1%

JSON

A buffer overflow vulnerability has been found in XAMPP affecting version 8.2.4 and earlier. An attacker could execute arbitrary code through a long file debug argument that controls the Structured Exception Handler (SEH).

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "XAMPP",
    "vendor": "Apachefriends",
    "versions": [
      {
        "lessThanOrEqual": "8.2.4 ",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-xampp

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.1%

JSON

Related for CVELIST:CVE-2024-0338