CVE-2024-4227: Excessive Iteration in gSOAP

Severity: 7.5 HIGH (NVD)
EPSS: 0.2% (top 59.51%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products: see Affected Packages below
Timeline: Published Jan 15, 2025; latest update Apr 15, 2025

Description

In Genivia gSOAP, with a specific configuration, an unauthenticated remote attacker can cause high CPU load by forcing the parser to process an XML document that contains duplicate ID attributes, which can lead to a denial of service (DoS). The weakness is excessive iteration (CWE-834): the cost of handling the repeated id values grows much faster than the size of the document.
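The description above does not say how the repeated id attributes are handled internally, so the following is an added illustration and not gSOAP's own code: it models an id/href table that hashes elements by their id attribute, shows why identical id values degrade insertion to quadratic work, and adds a pre-parse guard that rejects such documents before they reach a SOAP stack. The element and attribute names, the bucket count and the generated payload are all constructed for the example.

```python
"""Model of the excessive-iteration (CWE-834) pattern behind CVE-2024-4227.

Added illustration only: this is NOT gSOAP's parser and does not reproduce
the vendor's unnamed "specific configuration". It shows (1) why a table keyed
by the id attribute does quadratic work when every id is the same, and (2) a
streaming guard that rejects duplicate ids before the XML is deserialized.
"""
import io
import zlib
import xml.etree.ElementTree as ET
from typing import Optional

N_BUCKETS = 256  # table size is an arbitrary choice for the model


def build_payload(n: int, unique: bool = False) -> bytes:
    """Constructed test input: n sibling elements that all carry id="dup",
    or, with unique=True, n elements with distinct ids for comparison."""
    items = "".join(
        f'<item id="{("id%d" % i) if unique else "dup"}">{i}</item>'
        for i in range(n)
    )
    return (
        '<?xml version="1.0"?><env><body>' + items + "</body></env>"
    ).encode()


def index_ids(xml: bytes) -> int:
    """Model resolver: a chained hash table keyed by the id attribute.

    Each insert walks its bucket chain to the end, the position a real
    table would use to detect or append an entry. Distinct ids spread over
    the buckets, so chains stay short; identical ids all land in one chain,
    so insert i visits i earlier nodes and total work is n*(n-1)/2.
    Returns the number of chain nodes visited, i.e. the CPU cost.
    """
    buckets: list[list[str]] = [[] for _ in range(N_BUCKETS)]
    visited = 0
    for elem in ET.fromstring(xml).iter():
        ident = elem.get("id")
        if ident is None:
            continue
        chain = buckets[zlib.crc32(ident.encode()) % N_BUCKETS]
        visited += len(chain)  # full walk of the chain before appending
        chain.append(ident)
    return visited


def first_duplicate_id(xml: bytes, max_ids: int = 10_000) -> Optional[str]:
    """Pre-parse guard to run before handing XML to the SOAP stack.

    Streams the document and returns the first repeated id value, or None
    when every id is unique. Raises ValueError once more than max_ids
    distinct ids are seen, so a flood of unique ids stays bounded too.
    """
    seen: set[str] = set()
    for _event, elem in ET.iterparse(io.BytesIO(xml), events=("start",)):
        ident = elem.get("id")
        if ident is None:
            continue
        if ident in seen:
            return ident
        seen.add(ident)
        if len(seen) > max_ids:
            raise ValueError("too many id attributes")
    return None


if __name__ == "__main__":
    # Doubling n roughly quadruples the duplicate-id cost; unique ids stay cheap.
    for n in (1_000, 2_000, 4_000):
        dup = index_ids(build_payload(n))
        uniq = index_ids(build_payload(n, unique=True))
        print(f"n={n}: duplicate ids -> {dup} node visits, unique ids -> {uniq}")
    print("guard rejects:", first_duplicate_id(build_payload(10)))
```

The guard is defense in depth, not a replacement for the fixed package versions listed on this page; it is useful in front of a service that must keep accepting XML from unauthenticated clients while the update is rolled out. The doubling loop in the `__main__` block is also the shape of a regression test: if parse time for the duplicate-id payload quadruples when the payload doubles, the deployed build is still doing quadratic work.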

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (Exploitability: 3.9 | Impact: 3.6)

The vector records an availability-only impact (C:N/I:N/A:H) that is reachable over the network with no privileges and no user interaction, which is consistent with a resource-exhaustion DoS triggered by crafted input.

Affected Packages (2 packages)

Debian: genivia/gsoap < 2.8.135-1+1
CVEListV5: genivia/gsoap 2.8.24 through 2.8.132

Vulnerability Details (3 entries)

GHSA: GHSA-v23x-2mww-cc32: In Genivia gSOAP with a specific configuration an unauthenticated remote attacker can generate a high CPU load when forcing to parse an XML having dup... (2025-01-15)
OSV: CVE-2024-4227: In Genivia gSOAP with a specific configuration an unauthenticated remote attacker can generate a high CPU load when forcing to parse an XML having dup... (2025-01-15)
CVEList: gSOAP: Vulnerable to specially crafted unencrypted SDC messages (2025-01-15)

Vendor Advisories (2 entries)

Oracle: Oracle Communications Risk Matrix: Configuration Management Platform (gSOAP), CVE-2024-4227 (2025-04-15)
Debian: CVE-2024-4227: gsoap - In Genivia gSOAP with a specific configuration an unauthenticated remote attacke... (2024)
Source: cvebase