5.3

CVE-2024-36626

In prestashop 8.1.4, a NULL pointer dereference was identified in the math_round function within Tools.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PrestashopPrestashop Version8.1.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.63% 0.454
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://gist.github.com/1047524396/25c45b61a6374e0fdaf720c9863c6bcd
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/blob/8.1.4/classes/Tools.php#L1774
Product
https://github.com/prestashop/prestashop/commit/20fa542294da2cfa034a48041e292acaed0c2a7f
Patch