CVE-2024-43380

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-400
View all →

Vulnerability Description

fugit contains time tools for flor and the floraison group. The fugit "natural" parser, that turns "every wednesday at 5pm" into "0 17 * * 3", accepted any length of input and went on attempting to parse it, not returning promptly, as expected. The parse call could hold the thread with no end in sight. Fugit dependents that do not check (user) input length for plausibility are impacted. A fix was released in fugit 1.11.1.

Related Vulnerabilities

CVE-2001-0827

HIGH
CVSS:7.5(High)

Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a denial of service (crash) via a large number of "PASV" requests.

CWE-4002001

CVE-2002-20001

HIGH
CVSS:7.5(High)

The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-expo...

CWE-4002002

CVE-2006-1364

HIGH
CVSS:7.5(High)

Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (...

CWE-4002006

CVE-2006-5708

HIGH
CVSS:7.5(High)

Multiple unspecified vulnerabilities in MDaemon and WorldClient in Alt-N Technologies MDaemon before 9.50 allow attackers to cause a denial of service (memory consumption) via unspecified vectors resu...

CWE-4002006

CVE-2006-6025

HIGH
CVSS:7.5(High)

QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a denial of service, as demonstrated by a certain module in VulnDisco Pack. NOTE: The provenance of this information is unknown; the deta...

CWE-4002006

CVE-2007-20001

HIGH
CVSS:7.5(High)

A flaw was found in StarWind iSCSI target. An attacker could script standard iSCSI Initiator operation(s) to exhaust the StarWind service socket, which could lead to denial of service. This affects iS...

CWE-4002007