CVE-2024-32874

EPSS 0.12%
Veröffentlicht 14.05.2024 15:37:13
Zuletzt bearbeitet 21.11.2024 09:15:54
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service. This is due to no limitation set on the length of the filename and the costy use of the Unicode normalization with the form NFKD under the hood of `secure_filename()`.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellerfrigate

≫

Produkt frigate

Default Statusunknown

Version < 0.13.2

Version 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.317

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	6.8	2.3	4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://github.com/blakeblackshear/frigate/commit/cc851555e4029647986dccc8b8ecf54afee31442

https://github.com/blakeblackshear/frigate/security/advisories/GHSA-w4h6-9wrp-v5jq

https://nvd.nist.gov/vuln/detail/CVE-2024-32874

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-32874

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-32874

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-32874