CVE-2024-39590

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-704
View all →

Vulnerability Description

Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger these vulnerabilities.This instance of the vulnerability occurs within the `Protected_Logical_Write_Reply` function

Related Vulnerabilities

CVE-2015-5219

HIGH
CVSS:7.5(High)

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infini...

CWE-7042015

CVE-2017-13888

HIGH
CVSS:7.5(High)

In iOS before 11.2, a type confusion issue was addressed with improved memory handling.

CWE-7042017

CVE-2018-12453

HIGH
CVSS:7.5(High)

Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream...

CWE-7042018

CVE-2018-5817

HIGH
CVSS:7.5(High)

A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop.

CWE-7042018

CVE-2018-8076

HIGH
CVSS:7.5(High)

ZenMate 1.5.4 for macOS suffers from a type confusion vulnerability within the com.zenmate.chron-xpc LaunchDaemon component. The LaunchDaemon implements an XPC service that uses an insecure XPC API fo...

CWE-7042018

CVE-2020-10735

HIGH
CVSS:7.5(High)

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for ...

CWE-7042020