CVE-2024-29904
Published: 29 March 2024
Summary
CVE-2024-29904 is a high-severity Infinite Loop (CWE-835) vulnerability in Codeigniter Codeigniter. Its CVSS base score is 7.5 (High).
Operationally, ranked in the top 26.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-0802
Vulnerability details
CodeIgniter is a PHP full-stack web framework A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Upgrade to v4.4.7…
more
or later.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Enables transfer to alternate site if an infinite loop at the primary renders processing unavailable.
Prevents uncontrolled recursion that exhausts stack or CPU resources.