Lucene search

DIVDCVELIST:CVE-2024-21875

HistoryFeb 11, 2024 - 8:37 a.m.

CVE-2024-21875 DoS attack when broadcasting billboard messages

2024-02-1108:37:10

CWE-770

DIVD

www.cve.org

cve-2024-21875

dos attack

resource allocation

throttling vulnerability

hacker hotel badge

flooding

CVSS3

5.7

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

Percentile

13.4%

JSON

Allocation of Resources Without Limits or Throttling vulnerability in Badge leading to a denial of service attack.Team Hacker Hotel Badge 2024 on risc-v (billboard modules) allows Flooding.This issue affects Hacker Hotel Badge 2024: from 0.1.0 through 0.1.3.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "billboard"
    ],
    "platforms": [
      "risc-v"
    ],
    "product": "Hacker Hotel Badge 2024",
    "repo": "https://github.com/badgeteam/hackerhotel-2024-firmware-esp32c6",
    "vendor": "Badge.team",
    "versions": [
      {
        "lessThanOrEqual": "0.1.3",
        "status": "affected",
        "version": "0.1.0",
        "versionType": "semver"
      }
    ]
  }
]

References

csirt.divd.nl/CVE-2024-21875

github.com/badgeteam/hackerhotel-2024-firmware-esp32c6/pull/64

CVSS3

5.7

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

Percentile

13.4%

JSON

Related for CVELIST:CVE-2024-21875