CVE-2022-24294

{"id": "CVE-2022-24294", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-07-24T18:15:09.587", "references": [{"url": "http://www.openwall.com/lists/oss-security/2022/07/24/2", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread/b1fbfmvzlr2bbp95lqoh3mtovclfcl3o", "tags": ["Mailing List", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "http://www.openwall.com/lists/oss-security/2022/07/24/2", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread/b1fbfmvzlr2bbp95lqoh3mtovclfcl3o", "tags": ["Mailing List", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "A regular expression used in Apache MXNet (incubating) is vulnerable to a potential denial-of-service by excessive resource consumption. The bug could be exploited when loading a model in Apache MXNet that has a specially crafted operator name that would cause the regular expression evaluation to use excessive resources to attempt a match. This issue affects Apache MXNet versions prior to 1.9.1."}, {"lang": "es", "value": "Una expresi\u00f3n regular usa en Apache MXNet (incubating) es vulnerable a una potencial denegaci\u00f3n de servicio por consumo excesivo de recursos. El fallo podr\u00eda explotarse cuando es cargado un modelo en Apache MXNet que presenta un nombre de operador especialmente dise\u00f1ado que causar\u00eda que la evaluaci\u00f3n de la expresi\u00f3n regular usara excesivos recursos para intentar una coincidencia. Este problema afecta a Apache MXNet versiones anteriores a 1.9.1"}], "lastModified": "2024-11-21T06:50:06.650", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:mxnet:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF32D44D-C18B-4E0A-9AA2-5CE197CB8FB7", "versionEndExcluding": "1.9.1"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}