CVE-2024-31174 - Vulnerability Details - OpenCVE

Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of10::FeaturesReply::unpack. This issue affects libfluid: 0.1.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Open Networking Foundation	Libfluid
Opennetworking	Libfluid Msg

Configuration 1 [-]

cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31174

History

Fri, 20 Sep 2024 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Opennetworking Opennetworking libfluid Msg
CPEs		cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:::::::*
Vendors & Products		Opennetworking Opennetworking libfluid Msg

Wed, 18 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Open Networking Foundation Open Networking Foundation libfluid
CPEs		cpe:2.3:a:open_networking_foundation:libfluid:0.1.0:::::::*
Vendors & Products		Open Networking Foundation Open Networking Foundation libfluid
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 18 Sep 2024 14:15:00 +0000

Type	Values Removed	Values Added
Description		Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of10::FeaturesReply::unpack. This issue affects libfluid: 0.1.0.
Title		Out-of-bounds Read in libfluid_msg library
Weaknesses		CWE-125
References		https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31174
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L'}`

MITRE

Status: PUBLISHED

Assigner: Nozomi

Published: 2024-09-18T13:56:19.235Z

Updated: 2024-09-18T17:14:56.200Z

Reserved: 2024-03-29T08:24:13.202Z

Link: CVE-2024-31174

Vulnrichment

Updated: 2024-09-18T17:14:52.819Z

NVD

Status : Analyzed

Published: 2024-09-18T14:15:14.730

Modified: 2024-09-20T19:02:32.503

Link: CVE-2024-31174

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-31174", "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "state": "PUBLISHED", "assignerShortName": "Nozomi", "dateReserved": "2024-03-29T08:24:13.202Z", "datePublished": "2024-09-18T13:56:19.235Z", "dateUpdated": "2024-09-18T17:14:56.200Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://opennetworkingfoundation.github.io/libfluid/", "defaultStatus": "unaffected", "modules": ["libfluid_msg"], "product": "libfluid", "programRoutines": [{"name": "fluid_msg::of10::FeaturesReply::unpack"}], "vendor": "Open Networking Foundation (ONF)", "versions": [{"status": "affected", "version": "0.1.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).<p> This vulnerability is associated with program routine <tt>fluid_msg::of10::FeaturesReply::unpack</tt>.</p><p>This issue affects libfluid: 0.1.0.</p>"}], "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of10::FeaturesReply::unpack.\n\nThis issue affects libfluid: 0.1.0."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "shortName": "Nozomi", "dateUpdated": "2024-09-18T13:56:19.235Z"}, "references": [{"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31174"}], "source": {"discovery": "UNKNOWN"}, "title": "Out-of-bounds Read in libfluid_msg library", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Until a software patch which fixes this issue is not released, it is highly recommended to not exposed the vulnerable component inside an untrusted network.</span><br>"}], "value": "Until a software patch which fixes this issue is not released, it is highly recommended to not exposed the vulnerable component inside an untrusted network."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "open_networking_foundation", "product": "libfluid", "cpes": ["cpe:2.3:a:open_networking_foundation:libfluid:0.1.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0.1.0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-18T17:14:35.366382Z", "id": "CVE-2024-31174", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-18T17:14:56.200Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-31174", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-18T17:14:35.366382Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:open_networking_foundation:libfluid:0.1.0:*:*:*:*:*:*:*"], "vendor": "open_networking_foundation", "product": "libfluid", "versions": [{"status": "affected", "version": "0.1.0"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-18T17:14:52.819Z"}}], "cna": {"title": "Out-of-bounds Read in libfluid_msg library", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Open Networking Foundation (ONF)", "modules": ["libfluid_msg"], "product": "libfluid", "versions": [{"status": "affected", "version": "0.1.0"}], "collectionURL": "https://opennetworkingfoundation.github.io/libfluid/", "defaultStatus": "unaffected", "programRoutines": [{"name": "fluid_msg::of10::FeaturesReply::unpack"}]}], "references": [{"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31174"}], "workarounds": [{"lang": "en", "value": "Until a software patch which fixes this issue is not released, it is highly recommended to not exposed the vulnerable component inside an untrusted network.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Until a software patch which fixes this issue is not released, it is highly recommended to not exposed the vulnerable component inside an untrusted network.</span><br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of10::FeaturesReply::unpack.\n\nThis issue affects libfluid: 0.1.0.", "supportingMedia": [{"type": "text/html", "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).<p> This vulnerability is associated with program routine <tt>fluid_msg::of10::FeaturesReply::unpack</tt>.</p><p>This issue affects libfluid: 0.1.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "shortName": "Nozomi", "dateUpdated": "2024-09-18T13:56:19.235Z"}}}, "cveMetadata": {"cveId": "CVE-2024-31174", "state": "PUBLISHED", "dateUpdated": "2024-09-18T17:14:56.200Z", "dateReserved": "2024-03-29T08:24:13.202Z", "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "datePublished": "2024-09-18T13:56:19.235Z", "assignerShortName": "Nozomi"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of10::FeaturesReply::unpack.\n\nThis issue affects libfluid: 0.1.0."}, {"lang": "es", "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of10::FeaturesReply::unpack. Este problema afecta a libfluid: 0.1.0."}], "id": "CVE-2024-31174", "lastModified": "2024-09-20T19:02:32.503", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "prodsec@nozominetworks.com", "type": "Secondary"}]}, "published": "2024-09-18T14:15:14.730", "references": [{"source": "prodsec@nozominetworks.com", "tags": ["Third Party Advisory"], "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31174"}], "sourceIdentifier": "prodsec@nozominetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "prodsec@nozominetworks.com", "type": "Secondary"}]}