Cyber Resilience

CVE-2024-4227

Severity: High · Impact: DoS

Published: 15 January 2025
Modified: 15 April 2026
KEV Added: not listed
CVSS v3.1: 7.5 (High), CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.0019 (40.3rd percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-4227 is a high-severity Excessive Iteration (CWE-834) vulnerability in Genivia gSOAP (the product is inferred from the references and the description, since NVD filed no CPE for this CVE). Its CVSS v3.1 base score is 7.5 (High): reachable over the network, low attack complexity, no privileges or user interaction required, and an impact confined to availability (C:N/I:N/A:H).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 40.3rd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations this analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation), alongside applying the upgrade recommended by Genivia.

Deeper analysis

CVE-2024-4227 is a denial-of-service vulnerability in Genivia gSOAP that applies under a specific configuration. An unauthenticated remote attacker can force the software to parse an XML document containing duplicate ID attributes, driving CPU load high enough to deny service. It is rated 7.5 on the CVSS v3.1 scale (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and classified as CWE-834 (Excessive Iteration), i.e. the parser performs far more work per document than the document's size justifies.

No privileges or user interaction are needed and the attack is low complexity over the network: the attacker only has to deliver an XML payload in which the same ID attribute value is repeated to a vulnerable gSOAP endpoint. The vector records no confidentiality or integrity impact, so the expected outcome is service disruption through elevated CPU usage rather than data exposure or code execution.

The Genivia advisory recommends upgrading and ties the issue specifically to source code generated with the -c++11 option, which appears to be the "specific configuration" the description refers to; further details are in the gSOAP changelog on SourceForge. A practical first check is therefore whether the deployed service was built from C++11 source generated with that option.


Vulnerability details

In Genivia gSOAP with a specific configuration an unauthenticated remote attacker can generate a high CPU load when forcing to parse an XML having duplicate ID attributes which can lead to a DoS.

CWE(s)

CWE-834 Excessive Iteration

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation (Impact): Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The vulnerability allows remote, unauthenticated exploitation of a public-facing gSOAP service (T1190) in order to trigger application-level resource exhaustion with crafted XML input (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-34043 (shared CWE-834)
CVE-2026-45680 (shared CWE-834)

Affected Assets

Genivia gSOAP
inferred from the references and the description (SourceForge only hosts the changelog); NVD did not file a CPE for this CVE

Mitigating Controls (NIST 800-53 r5)

prevent · Patch/upgrade: Directly remediates the specific flaw in gSOAP XML parsing by identifying, patching, and deploying the upgrade recommended in the Genivia advisory.

prevent · SC-5 Denial-of-service Protection: Employs rate limiting, resource quotas, or architectural protections so that unauthenticated remote attackers cannot drive CPU load with malicious XML payloads.

prevent · SI-10 Information Input Validation: Validates incoming XML at the parser boundary and rejects documents containing duplicate ID attributes before processing can exhaust resources.
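The input-validation control (SI-10) says to reject documents with duplicate ID attributes at the parser boundary, but not how. The C program below is an added example, not gSOAP project code and not taken from the Genivia advisory: it scans a raw SOAP/XML request for repeated "id" attribute values before the message is handed to the deserializer, and also caps the number of IDs a single message may carry, which is the resource-quota idea behind SC-5. Two assumptions are not stated anywhere on this page: that the identifier gSOAP resolves is an attribute whose local name is id under any namespace prefix, and that values can be compared as written without entity decoding. The sample messages are constructed for the demonstration.

```c
/* Added example, not gSOAP project code: reject an XML/SOAP message that carries
 * duplicate "id" attribute values (or more IDs than allowed) before gSOAP parses it.
 * Assumption: the identifier is an attribute with local name "id" under any prefix. */
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { XML_IDS_OK = 0, XML_IDS_DUPLICATE = 1, XML_IDS_TOO_MANY = 2, XML_IDS_MALFORMED = -1 };
#define ID_TABLE_SIZE 8192u /* power of two; max_ids is clamped below it so it never fills */
#define NAME_CHAR(c) (isalnum(c) || (c) == '_' || (c) == '-' || (c) == '.' || (c) == ':' || (c) >= 0x80)

/* Open-addressing string set: 1 if v[0..n) was already present, 0 if inserted, -1 on OOM. */
static int id_set_insert(char **table, const char *v, size_t n) {
    uint64_t h = 1469598103934665603ULL;                             /* FNV-1a */
    for (size_t k = 0; k < n; k++) { h ^= (unsigned char)v[k]; h *= 1099511628211ULL; }
    size_t i = (size_t)(h & (ID_TABLE_SIZE - 1));
    while (table[i]) {
        if (strlen(table[i]) == n && memcmp(table[i], v, n) == 0) return 1;
        i = (i + 1) & (ID_TABLE_SIZE - 1);
    }
    if (!(table[i] = malloc(n + 1))) return -1;
    memcpy(table[i], v, n); table[i][n] = '\0';
    return 0;
}

/* Index of needle in hay[0..n), or n if absent (memmem is not portable C). */
static size_t bounded_find(const char *hay, size_t n, const char *needle) {
    size_t m = strlen(needle);
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(hay + i, needle, m) == 0) return i;
    return n;
}

/* XML_IDS_OK only if every id attribute value in xml[0..len) is unique and their count
 * is <= max_ids. Comments, CDATA, PIs, DOCTYPE and end tags carry no attributes and are
 * skipped. Values are compared as written (no entity decoding). Not a validating parser. */
int xml_check_duplicate_ids(const char *xml, size_t len, size_t max_ids) {
    char **table = calloc(ID_TABLE_SIZE, sizeof *table);
    size_t i = 0, nids = 0;
    int rc = table ? XML_IDS_OK : XML_IDS_MALFORMED;
    if (max_ids >= ID_TABLE_SIZE) max_ids = ID_TABLE_SIZE - 1;
    while (rc == XML_IDS_OK && i < len) {
        if (xml[i] != '<') { i++; continue; }
        size_t rem = len - i, skip = 0; const char *term = NULL;
        if (rem >= 4 && memcmp(xml + i, "<!--", 4) == 0)             { term = "-->"; skip = 4; }
        else if (rem >= 9 && memcmp(xml + i, "<![CDATA[", 9) == 0)   { term = "]]>"; skip = 9; }
        else if (rem >= 2 && xml[i + 1] == '?')                      { term = "?>";  skip = 2; }
        else if (rem >= 2 && (xml[i + 1] == '!' || xml[i + 1] == '/')) { term = ">"; skip = 2; }
        if (term) {                                   /* skip to the construct's terminator */
            size_t p = bounded_find(xml + i + skip, rem - skip, term);
            if (p == rem - skip) { rc = XML_IDS_MALFORMED; break; }
            i += skip + p + strlen(term);
            continue;
        }
        for (i++; i < len && NAME_CHAR((unsigned char)xml[i]); i++) { } /* '<' + element name */
        for (;;) {                                    /* attribute list of a start tag */
            while (i < len && isspace((unsigned char)xml[i])) i++;
            if (i >= len) { rc = XML_IDS_MALFORMED; break; }
            if (xml[i] == '>') { i++; break; }
            if (xml[i] == '/') { i++; continue; }     /* "/>" of an empty element */
            size_t ns = i, ne;
            while (i < len && NAME_CHAR((unsigned char)xml[i])) i++;
            ne = i;
            while (i < len && isspace((unsigned char)xml[i])) i++;
            if (ne == ns || i >= len || xml[i] != '=') { rc = XML_IDS_MALFORMED; break; }
            for (i++; i < len && isspace((unsigned char)xml[i]); i++) { }
            if (i >= len || (xml[i] != '"' && xml[i] != '\'')) { rc = XML_IDS_MALFORMED; break; }
            char quote = xml[i++];
            size_t vs = i;
            while (i < len && xml[i] != quote) i++;
            if (i >= len) { rc = XML_IDS_MALFORMED; break; }
            size_t ve = i++, ls = ns;                 /* local name starts after the last ':' */
            for (size_t k = ns; k < ne; k++) if (xml[k] == ':') ls = k + 1;
            if (ne - ls == 2 && xml[ls] == 'i' && xml[ls + 1] == 'd') {
                if (++nids > max_ids) { rc = XML_IDS_TOO_MANY; break; }
                int r = id_set_insert(table, xml + vs, ve - vs);
                if (r) { rc = (r == 1) ? XML_IDS_DUPLICATE : XML_IDS_MALFORMED; break; }
            }
        }
    }
    if (table) { for (size_t k = 0; k < ID_TABLE_SIZE; k++) free(table[k]); free(table); }
    return rc;
}

/* Constructed sample messages for the demonstration (not captured traffic). */
static const char SAMPLE_CLEAN[]     = "<ns:op><item id=\"ref1\">a</item><item id=\"ref2\">b</item></ns:op>";
static const char SAMPLE_DUPLICATE[] = "<ns:op><item id=\"ref1\">a</item><item ns:id='ref1'>b</item></ns:op>";
static const char SAMPLE_COMMENTED[] = "<a><!-- <x id=\"ref1\"/><x id=\"ref1\"/> --><b id=\"ref1\"/></a>";

int main(void) {
    printf("clean=%d duplicate=%d commented=%d capped=%d\n",
           xml_check_duplicate_ids(SAMPLE_CLEAN, sizeof SAMPLE_CLEAN - 1, 1024),
           xml_check_duplicate_ids(SAMPLE_DUPLICATE, sizeof SAMPLE_DUPLICATE - 1, 1024),
           xml_check_duplicate_ids(SAMPLE_COMMENTED, sizeof SAMPLE_COMMENTED - 1, 1024),
           xml_check_duplicate_ids(SAMPLE_CLEAN, sizeof SAMPLE_CLEAN - 1, 1));
    return 0;
}
```

Call the check on the request body in the handler before the gSOAP parser runs and answer anything other than XML_IDS_OK with a SOAP fault, so the expensive path is never entered. Because values are compared as written, `id="a"` and `id="&#97;"` are not recognised as the same identifier; if the deployment decodes character references before resolving IDs, normalise the values first or rely on the per-message cap, which bounds the work regardless of how the duplicates are spelled.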
