How severe is CVE-2023-36810?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2023-36810?

This is classified as CWE-407, which is a common weakness in software security.

CVE-2023-36810

MEDIUM Year: 2023

CVSS v3 Score

6.5

Medium

Weakness Type

CWE-407

View all →

Vulnerability Description

pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. This issue has been addressed in PR 808 and versions from 1.27.9 include this fix. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE-2024-39702

MEDIUM

CVSS:5.9(Medium)

In lj_str_hash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function (used during string interning) allows HashDoS (Hash Denial of Service) attacks. An attacker could cause excessive r...

CWE-4072024

CVE-2024-29916

MEDIUM

CVSS:5.6(Medium)

The dormakaba Saflok system before the November 2023 software update allows an attacker to unlock arbitrary doors at a property via forged keycards, if the attacker has obtained one active or expired ...

CWE-4072024

CVE-2016-10396

HIGH

CVSS:7.5(High)

The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. The implementation permits a remote attacker to exhaus...

CWE-4072016

CVE-2017-11343

HIGH

CVSS:7.5(High)

Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input which, w...

CWE-4072017

CVE-2018-12558

HIGH

CVSS:7.5(High)

The parse() method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that ca...

CWE-4072018

CVE-2019-19331

HIGH

CVSS:7.5(High)

knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. DNS replies with very many resource records might be processed very inefficiently, in extreme cases ...

CWE-4072019

CVE-2023-36810

Vulnerability Description

Related Vulnerabilities

CVE-2024-39702

CVE-2024-29916

CVE-2016-10396

CVE-2017-11343

CVE-2018-12558

CVE-2019-19331