CVE-2024-45166

CRITICAL Year: 2024
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-400
View all →

Vulnerability Description

An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution. There is an access violation and EIP overwrite after five logins.

Related Vulnerabilities

CVE-2013-20004

CRITICAL
CVSS:9.8(Critical)

A flaw was found in StarWind iSCSI target. StarWind service does not limit client connections and allocates memory on each connection attempt. An attacker could create a denial of service state by try...

CWE-4002013

CVE-2015-4412

CRITICAL
CVSS:9.8(Critical)

BSON injection vulnerability in the legal? function in BSON (bson-ruby) gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service (resource consumption) or inject arbitrary data v...

CWE-4002015

CVE-2017-1000378

CRITICAL
CVSS:9.8(Critical)

The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows...

CWE-4002017

CVE-2017-9104

CRITICAL
CVSS:9.8(Critical)

An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered.

CWE-4002017

CVE-2017-9119

CRITICAL
CVSS:9.8(Critical)

The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by...

CWE-4002017

CVE-2018-11936

CRITICAL
CVSS:9.8(Critical)

Index of array is processed in a wrong way inside a while loop and result in invalid index (-1 or something else) leads to out of bound memory access. in Snapdragon Auto, Snapdragon Connectivity, Snap...

CWE-4002018