Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-45163

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-22 Aug, 2024 | 00:00
Updated At-18 Mar, 2026 | 16:49
Rejected At-
Credits

The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to the CNC (command and control) server. Unauthenticated sessions remain open, causing resource consumption. For example, an attacker can send a recognized username (such as root), or can send arbitrary data.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:22 Aug, 2024 | 00:00
Updated At:18 Mar, 2026 | 16:49
Rejected At:
▼CVE Numbering Authority (CNA)

The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to the CNC (command and control) server. Unauthenticated sessions remain open, causing resource consumption. For example, an attacker can send a recognized username (such as root), or can send arbitrary data.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cypressthatkid.medium.com/remote-dos-exploit-found-in-mirai-botnet-source-code-27a1aad284f1
N/A
https://pastebin.com/6tqHnCva
N/A
https://youtu.be/aJkvSr85ML8
N/A
https://flowtriq.com/blog/cve-2024-45163-mirai-botnet-kill-switch
N/A
Hyperlink: https://cypressthatkid.medium.com/remote-dos-exploit-found-in-mirai-botnet-source-code-27a1aad284f1
Resource: N/A
Hyperlink: https://pastebin.com/6tqHnCva
Resource: N/A
Hyperlink: https://youtu.be/aJkvSr85ML8
Resource: N/A
Hyperlink: https://flowtriq.com/blog/cve-2024-45163-mirai-botnet-kill-switch
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
mirai
Product
botnet
CPEs
  • cpe:2.3:a:mirai:botnet:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 2024-08-19 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-400CWE-400 Uncontrolled Resource Consumption
Type: CWE
CWE ID: CWE-400
Description: CWE-400 Uncontrolled Resource Consumption
Metrics
VersionBase scoreBase severityVector
3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:22 Aug, 2024 | 04:15
Updated At:15 Apr, 2026 | 00:35

The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to the CNC (command and control) server. Unauthenticated sessions remain open, causing resource consumption. For example, an attacker can send a recognized username (such as root), or can send arbitrary data.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-400Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-400
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cypressthatkid.medium.com/remote-dos-exploit-found-in-mirai-botnet-source-code-27a1aad284f1cve@mitre.org
N/A
https://flowtriq.com/blog/cve-2024-45163-mirai-botnet-kill-switchcve@mitre.org
N/A
https://pastebin.com/6tqHnCvacve@mitre.org
N/A
https://youtu.be/aJkvSr85ML8cve@mitre.org
N/A
Hyperlink: https://cypressthatkid.medium.com/remote-dos-exploit-found-in-mirai-botnet-source-code-27a1aad284f1
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://flowtriq.com/blog/cve-2024-45163-mirai-botnet-kill-switch
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://pastebin.com/6tqHnCva
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://youtu.be/aJkvSr85ML8
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

6Records found
CVE-2022-27889
Matching Score-4
Assigner-Palantir Technologies
ShareView Details
Matching Score-4
Assigner-Palantir Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.40% / 60.55%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 13:45
Updated-16 Sep, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The Foundry Multipass service contains code paths that could be abused to cause a denial of service for authentication and authorization operations.

The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-level denial of service attack, potentially causing authentication and/or authorization operations to fail for the duration of the attack. This could lead to performance degradation or login failures for customer Palantir Foundry environments. This vulnerability is resolved in Multipass 3.647.0. This issue affects: Palantir Foundry Multipass versions prior to 3.647.0.

Action-Not Available
Vendor-palantirPalantir
Product-foundry_multipassFoundry Multipass
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-913
Improper Control of Dynamically-Managed Code Resources
CVE-2022-24118
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.26% / 49.09%
||
7 Day CHG~0.00%
Published-26 Dec, 2022 | 00:00
Updated-12 Apr, 2025 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.

Action-Not Available
Vendor-gen/a
Product-inet_900_firmwaresd4sd9td220x_firmwaresd9_firmwareinet_ii_900sd1sd1_firmwaretd220maxinet_ii_900_firmwaresd2_firmwareinet_900sd4_firmwaretd220max_firmwaresd2td220xn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-30769
Matching Score-4
Assigner-Halborn
ShareView Details
Matching Score-4
Assigner-Halborn
CVSS Score-9.1||CRITICAL
EPSS-1.31% / 80.03%
||
7 Day CHG~0.00%
Published-17 Apr, 2023 | 00:00
Updated-03 Mar, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rab13s Exploit

Vulnerability discovered is related to the peer-to-peer (p2p) communications, attackers can craft consensus messages, send it to individual nodes and take them offline. An attacker can crawl the network peers using getaddr message and attack the unpatched nodes.

Action-Not Available
Vendor-dogecoinDogecoin
Product-dogecoinNode
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-42579
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.04% / 13.10%
||
7 Day CHG~0.00%
Published-13 May, 2026 | 18:01
Updated-18 May, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netty: DNS Codec Input Validation Bypass in Netty (Encoder + Decoder)

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit the decoder, and user-influenced hostnames can exploit the encoder. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.

Action-Not Available
Vendor-The Netty Project
Product-nettynetty
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-626
Null Byte Interaction Error (Poison Null Byte)
CVE-2024-6036
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-5.37% / 90.18%
||
7 Day CHG~0.00%
Published-10 Jul, 2024 | 22:57
Updated-15 Jul, 2025 | 13:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service in gaizhenbiao/chuanhuchatgpt

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the `/queue/join?` endpoint with `"fn_index":66`. This unrestricted server restart capability can severely disrupt service availability, cause data loss or corruption, and potentially compromise system integrity.

Action-Not Available
Vendor-gaizhenbiaogaizhenbiaogaizhenbiao
Product-chuanhuchatgptgaizhenbiao/chuanhuchatgptchuanhuchatgpt
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-48609
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.1||CRITICAL
EPSS-0.02% / 3.90%
||
7 Day CHG~0.00%
Published-02 Mar, 2026 | 18:42
Updated-08 Apr, 2026 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MMS functionalities due to a path traversal error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-400
Uncontrolled Resource Consumption
Details not found