CVE-2024-23684
Published: 19 January 2024
Summary
CVE-2024-23684 is a high-severity Inefficient Algorithmic Complexity (CWE-407) vulnerability in Peteroupc Cbor. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE is ranked in the top 14.9% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-0367
Vulnerability details
Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation (CBOR) versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use of this library, this may be a remote attacker.
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
CVE-2024-23684 enables denial of service via inefficient algorithmic complexity in CBOR decoding, allowing crafted input to exhaust application resources, directly facilitating application exploitation for endpoint DoS.
MITRE ATLAS Techniques AI
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Addresses inefficient algorithms whose complexity can be exploited for DoS.