Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-13275

Summary
Assigner-drupal
Assigner Org ID-2c85b837-eb8b-40ed-9d74-228c62987387
Published At-09 Jan, 2025 | 19:27
Updated At-14 Jan, 2025 | 17:12
Rejected At-
Credits

Security Kit - Less critical - Denial of Service - SA-CONTRIB-2024-039

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Drupal Security Kit allows HTTP DoS.This issue affects Security Kit: from 0.0.0 before 2.0.3.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:drupal
Assigner Org ID:2c85b837-eb8b-40ed-9d74-228c62987387
Published At:09 Jan, 2025 | 19:27
Updated At:14 Jan, 2025 | 17:12
Rejected At:
▼CVE Numbering Authority (CNA)
Security Kit - Less critical - Denial of Service - SA-CONTRIB-2024-039

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Drupal Security Kit allows HTTP DoS.This issue affects Security Kit: from 0.0.0 before 2.0.3.

Affected Products
Vendor
The Drupal AssociationDrupal
Product
Security Kit
Collection URL
https://www.drupal.org/project/seckit
Repo
https://git.drupalcode.org/project/seckit
Default Status
unaffected
Versions
Affected
  • From 0.0.0 before 2.0.3 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-843CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')
Type: CWE
CWE ID: CWE-843
Description: CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-469CAPEC-469 HTTP DoS
CAPEC ID: CAPEC-469
Description: CAPEC-469 HTTP DoS
Solutions
Configurations
Workarounds
Exploits
Credits
finder
_b0lli
remediation developer
jweowu
remediation developer
Drew Webber
coordinator
Greg Knaddison
coordinator
Drew Webber
coordinator
Heine Deelstra
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.drupal.org/sa-contrib-2024-039
N/A
Hyperlink: https://www.drupal.org/sa-contrib-2024-039
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:mlhess@drupal.org
Published At:09 Jan, 2025 | 20:15
Updated At:14 Jan, 2025 | 18:15

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Drupal Security Kit allows HTTP DoS.This issue affects Security Kit: from 0.0.0 before 2.0.3.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-843Secondarymlhess@drupal.org
CWE ID: CWE-843
Type: Secondary
Source: mlhess@drupal.org
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.drupal.org/sa-contrib-2024-039mlhess@drupal.org
N/A
Hyperlink: https://www.drupal.org/sa-contrib-2024-039
Source: mlhess@drupal.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

3Records found
CVE-2024-13274
Matching Score-8
Assigner-Drupal.org
ShareView Details
Matching Score-8
Assigner-Drupal.org
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.82%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 19:27
Updated-14 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Social - Moderately critical - Denial of Service - SA-CONTRIB-2024-038

Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse.This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5.

Action-Not Available
Vendor-The Drupal Association
Product-Open Social
CWE ID-CWE-799
Improper Control of Interaction Frequency
CVE-2023-44094
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 7.22%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 10:43
Updated-18 Sep, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2023-34967
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-18.57% / 95.01%
||
7 Day CHG~0.00%
Published-20 Jul, 2023 | 14:57
Updated-22 Nov, 2024 | 23:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Samba: type confusion in mdssvc rpc service for spotlight

A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves.

Action-Not Available
Vendor-Debian GNU/LinuxSambaFedora ProjectRed Hat, Inc.
Product-sambadebian_linuxfedoraenterprise_linuxRed Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Virtualization 4 for Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Storage 3Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 8.8 Extended Update Support
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
Details not found