CVE-2024-3207

Published: Apr 2, 2024

Modified: Aug 21, 2024

PUBLISHED

CVSS v3.1

5.5

MEDIUM

Description

A vulnerability was found in ermig1979 Simd up to 6.0.134. It has been declared as critical. This vulnerability affects the function ReadUnsigned of the file src/Simd/SimdMemoryStream.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. VDB-259054 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Vendor	Product	Versions
ermig1979	Simd	affected `6.0.134`

Weaknesses (CWE)

CWE-122

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

References

VDB-259054 | ermig1979 Simd SimdMemoryStream.h ReadUnsigned heap-based overflow

vdb-entry

technical-description

VDB-259054 | CTI Indicators (IOB, IOC, IOA)

signature

permissions-required

Submit #304572 | Simd Simd commit a1580a5fb13e2f8c78715afb0bc47e44519ccd32 heap-buffer-overflow

third-party-advisory

https://drive.google.com/drive/folders/1z0JBsZ-QR3RsuAf-uyit_ZGXCh0rEvFq?usp=sharing

exploit

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-3207

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References