From a701164f357e94cdc105b9d7e9db7fcc6d2cd7ab Mon Sep 17 00:00:00 2001
From: Frank Breedijk
Date: Sun, 11 Feb 2024 03:38:43 +0100
Subject: [PATCH 1/3] Adding CVE-2024-21875 to the csirt site
---
 _cves/CVE-2024-21875.md | 136 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 136 insertions(+)
 create mode 100644 _cves/CVE-2024-21875.md
diff --git a/_cves/CVE-2024-21875.md b/_cves/CVE-2024-21875.md
new file mode 100644
index 00000000..c8d4d31d
--- /dev/null
+++ b/_cves/CVE-2024-21875.md
@@ -0,0 +1,136 @@
+---
+layout: cve-json-50
+json: {
+{
+ "containers": {
+ "cna": {
+ "affected": [
+ {
+ "defaultStatus": "unaffected",
+ "modules": [
+ "billboard"
+ ],
+ "platforms": [
+ "risc-v"
+ ],
+ "product": "Hacker Hotel Badge 2024",
+ "repo": "https://github.com/badgeteam/hackerhotel-2024-firmware-esp32c6",
+ "vendor": "Badge.team",
+ "versions": [
+ {
+ "lessThanOrEqual": "0.1.3",
+ "status": "affected",
+ "version": "0.1.0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "type": "finder",
+ "user": "00000000-0000-4000-9000-000000000000",
+ "value": "Casper Kuijpers"
+ },
+ {
+ "lang": "en",
+ "type": "analyst",
+ "user": "00000000-0000-4000-9000-000000000000",
+ "value": "Frank Breedijk"
+ }
+ ],
+ "datePublic": "2024-02-11T02:30:00.000Z",
+ "descriptions": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Allocation of Resources Without Limits or Throttling vulnerability in Badge leading to a denial of service attack.Team Hacker Hotel Badge 2024 on risc-v (billboard modules) allows Flooding.

This issue affects Hacker Hotel Badge 2024: from 0.1.0 through 0.1.3.

"
+ }
+ ],
+ "value": "Allocation of Resources Without Limits or Throttling vulnerability in Badge leading to a denial of service attack.Team Hacker Hotel Badge 2024 on risc-v (billboard modules) allows Flooding.This issue affects Hacker Hotel Badge 2024: from 0.1.0 through 0.1.3.\n\n"
+ }
+ ],
+ "impacts": [
+ {
+ "capecId": "CAPEC-125",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "CAPEC-125 Flooding"
+ }
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "cvssV3_1": {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.7,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "version": "3.1"
+ },
+ "format": "CVSS",
+ "scenarios": [
+ {
+ "lang": "en",
+ "value": "GENERAL"
+ }
+ ]
+ }
+ ],
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "cweId": "CWE-770",
+ "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
+ "lang": "en",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-9000-000000000000"
+ },
+ "references": [
+ {
+ "tags": [
+ "third-party-advisory"
+ ],
+ "url": "https://csirt.divd.nl/CVE-2024-21875"
+ }
+ ],
+ "source": {
+ "advisory": "CVE-2024-21875",
+ "discovery": "INTERNAL"
+ },
+ "title": "DoS attack when broadcasting billboard messages",
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "00000000-0000-4000-9000-000000000000",
+ "cveId": "CVE-2024-21875",
+ "requesterUserId": "00000000-0000-4000-9000-000000000000",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
+---
From f49b2ab371c9e5c425c6da785606129a43921e62 Mon Sep 17 00:00:00 2001
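Review bot: The English description reads "vulnerability in Badge leading to a denial of service attack.Team Hacker Hotel Badge 2024", so the impact clause has been spliced into the middle of the vendor name, and the same text appears in both `supportingMedia[0].value` and the plain `value`. This string is what CVE feeds and scanners display, so I would reword both to `Allocation of Resources Without Limits or Throttling vulnerability in Badge.team Hacker Hotel Badge 2024 on risc-v (billboard modules) allows Flooding, leading to a denial of service.` The plain-text `value` also runs "Flooding.This issue affects" together without a space. The `orgId`, `assignerOrgId`, `user` and `requesterUserId` fields all carry the same `00000000-0000-4000-9000-000000000000` value, which looks like a generator placeholder; worth confirming the published record ends up with the real identifiers.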
From: Frank Breedijk
Date: Sun, 11 Feb 2024 03:40:06 +0100
Subject: [PATCH 2/3] Beetje yaml dit
---
 _cves/CVE-2024-21875.md | 1 -
 1 file changed, 1 deletion(-)
diff --git a/_cves/CVE-2024-21875.md b/_cves/CVE-2024-21875.md
index c8d4d31d..90f1b137 100644
--- a/_cves/CVE-2024-21875.md
+++ b/_cves/CVE-2024-21875.md
@@ -1,7 +1,6 @@
 ---
 layout: cve-json-50
 json: {
-{
 "containers": {
 "cna": {
 "affected": [
From 0ae182f25f5331d22de6cb4397912aeb2235ae40 Mon Sep 17 00:00:00 2001
From: Frank Breedijk
Date: Sun, 11 Feb 2024 09:26:15 +0100
Subject: [PATCH 3/3] badge.team published their advisory
---
 _cves/CVE-2024-21875.md | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/_cves/CVE-2024-21875.md b/_cves/CVE-2024-21875.md
index 90f1b137..d093e3fc 100644
--- a/_cves/CVE-2024-21875.md
+++ b/_cves/CVE-2024-21875.md
@@ -110,6 +110,16 @@ json: {
 "third-party-advisory"
 ],
 "url": "https://csirt.divd.nl/CVE-2024-21875"
+ },
+ {
+ "tags": [
+ "vendor-advisory",
+ "issue-tracking",
+ "patch",
+ "release-notes",
+ "technical-description"
+ ],
+ "url": "https://github.com/badgeteam/hackerhotel-2024-firmware-esp32c6/pull/64"
 }
 ],
 "source": {
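Review bot: The added reference points at a pull request and tags it `patch`, `vendor-advisory` and `release-notes` all at once, but a PR page is mutable and does not by itself tell a reader which commit or release carries the fix. Consider adding a second reference that pins the fix, e.g. `"url": "https://github.com/badgeteam/hackerhotel-2024-firmware-esp32c6/commit/<merge-commit-sha>"` tagged `patch`, and keeping `vendor-advisory` only if the PR text really is the vendor's advisory. The `affected.versions` range added in the first patch ends at 0.1.3 without naming a fixed release, so badge owners cannot confirm from the record alone which firmware to update to; that part of the file is outside this hunk.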