diff --git a/_cves/CVE-2024-21875.md b/_cves/CVE-2024-21875.md
new file mode 100644
index 00000000..d093e3fc
--- /dev/null
+++ b/_cves/CVE-2024-21875.md
@@ -0,0 +1,145 @@
+---
+layout: cve-json-50
+json: {
+ "containers": {
+ "cna": {
+ "affected": [
+ {
+ "defaultStatus": "unaffected",
+ "modules": [
+ "billboard"
+ ],
+ "platforms": [
+ "risc-v"
+ ],
+ "product": "Hacker Hotel Badge 2024",
+ "repo": "https://github.com/badgeteam/hackerhotel-2024-firmware-esp32c6",
+ "vendor": "Badge.team",
+ "versions": [
+ {
+ "lessThanOrEqual": "0.1.3",
+ "status": "affected",
+ "version": "0.1.0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "type": "finder",
+ "user": "00000000-0000-4000-9000-000000000000",
+ "value": "Casper Kuijpers"
+ },
+ {
+ "lang": "en",
+ "type": "analyst",
+ "user": "00000000-0000-4000-9000-000000000000",
+ "value": "Frank Breedijk"
+ }
+ ],
+ "datePublic": "2024-02-11T02:30:00.000Z",
+ "descriptions": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Allocation of Resources Without Limits or Throttling vulnerability in Badge leading to a denial of service attack.Team Hacker Hotel Badge 2024 on risc-v (billboard modules) allows Flooding.

This issue affects Hacker Hotel Badge 2024: from 0.1.0 through 0.1.3.

"
+ }
+ ],
+ "value": "Allocation of Resources Without Limits or Throttling vulnerability in Badge leading to a denial of service attack.Team Hacker Hotel Badge 2024 on risc-v (billboard modules) allows Flooding.This issue affects Hacker Hotel Badge 2024: from 0.1.0 through 0.1.3.\n\n"
+ }
+ ],
+ "impacts": [
+ {
+ "capecId": "CAPEC-125",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "CAPEC-125 Flooding"
+ }
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "cvssV3_1": {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.7,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "version": "3.1"
+ },
+ "format": "CVSS",
+ "scenarios": [
+ {
+ "lang": "en",
+ "value": "GENERAL"
+ }
+ ]
+ }
+ ],
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "cweId": "CWE-770",
+ "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
+ "lang": "en",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-9000-000000000000"
+ },
+ "references": [
+ {
+ "tags": [
+ "third-party-advisory"
+ ],
+ "url": "https://csirt.divd.nl/CVE-2024-21875"
+ },
+ {
+ "tags": [
+ "vendor-advisory",
+ "issue-tracking",
+ "patch",
+ "release-notes",
+ "technical-description"
+ ],
+ "url": "https://github.com/badgeteam/hackerhotel-2024-firmware-esp32c6/pull/64"
+ }
+ ],
+ "source": {
+ "advisory": "CVE-2024-21875",
+ "discovery": "INTERNAL"
+ },
+ "title": "DoS attack when broadcasting billboard messages",
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "00000000-0000-4000-9000-000000000000",
+ "cveId": "CVE-2024-21875",
+ "requesterUserId": "00000000-0000-4000-9000-000000000000",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
+---
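Review bot: The English description is garbled in both `supportingMedia[0].value` and the plain `descriptions[0].value`: the clause "leading to a denial of service attack" has been spliced into the vendor name, so the text reads "vulnerability in Badge leading to a denial of service attack.Team Hacker Hotel Badge 2024", and the plain value also runs "Flooding.This issue" together. Advisory feeds and scanners republish this string verbatim, so I would restore the vendor name from the `vendor` field and move the impact clause to the end, e.g. `Allocation of Resources Without Limits or Throttling vulnerability in Badge.team Hacker Hotel Badge 2024 on risc-v (billboard modules) allows Flooding, leading to a denial of service. This issue affects Hacker Hotel Badge 2024: from 0.1.0 through 0.1.3.` Separately, `user`, `orgId`, `assignerOrgId` and `requesterUserId` all carry the same `00000000-0000-4000-9000-000000000000` value, which looks like a placeholder; it is worth confirming that this is intentional for this site rather than a missed substitution.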