How severe is CVE-2024-28243?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2024-28243?

This is classified as CWE-674, which is a common weakness in software security.

CVE-2024-28243 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\edef` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user's KaTeX input will be unable to use the site due to memory overflow, tying up the main thread, or stack overflow. Upgrade to KaTeX v0.16.10 to remove this vulnerability.

Related Vulnerabilities

CVE-2017-0886

MEDIUM

CVSS:6.5(Medium)

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Due to an error in the application logic an authenticated adversary may trigger an endless recursion in the applicati...

CWE-6742017

CVE-2017-10910

MEDIUM

CVSS:6.5(Medium)

MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition.

CWE-6742017

CVE-2017-16419

MEDIUM

CVSS:6.5(Medium)

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. Th...

CWE-6742017

CVE-2018-0739

MEDIUM

CVSS:6.5(Medium)

Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of S...

CWE-6742018

CVE-2018-1158

MEDIUM

CVSS:6.5(Medium)

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON.

CWE-6742018

CVE-2018-20821

MEDIUM

CVSS:6.5(Medium)

The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).

CWE-6742018