CVE-2024-21502

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-457
View all →

Vulnerability Description

Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free(), arbitrary realloc(), null pointer dereference and other. Since the stack can be controlled by the attacker, the vulnerability could be used to corrupt allocator structure, leading to possible heap exploitation. The attacker could cause denial of service by exploiting this vulnerability.

Related Vulnerabilities

CVE-2022-25737

HIGH
CVSS:7.5(High)

Information disclosure in modem due to missing NULL check while reading packets received from local network

CWE-4572022

CVE-2022-34655

HIGH
CVSS:7.5(High)

In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic c...

CWE-4572022

CVE-2024-23137

HIGH
CVSS:7.5(High)

A maliciously crafted STP or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can ...

CWE-4572024

CVE-2024-26147

HIGH
CVSS:7.5(High)

Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. Whe...

CWE-4572024

CVE-2024-56446

HIGH
CVSS:7.5(High)

Vulnerability of variables not being initialized in the notification module Impact: Successful exploitation of this vulnerability may affect availability.

CWE-4572024