How severe is CVE-2024-4420?

This vulnerability has a severity rating of MEDIUM with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2024-4420?

This is classified as CWE-116, which is a common weakness in software security.

CVE-2024-4420 - MEDIUM Severity | CVSS N/A

Vulnerability Description

There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3. * An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input that is not an encoded JSON object, but still a valid encoded JSON element, for example a number or an array. This will crash as Tink just assumes any valid JSON input will contain an object. * An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input containing many nested JSON objects. This may result in a stack overflow. We recommend upgrading to version 2.1.3 or above

Related Vulnerabilities

CVE-2017-8303

CRITICAL

CVSS:9.8(Critical)

An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter.

CWE-1162017

CVE-2018-15494

CRITICAL

CVSS:9.8(Critical)

In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.

CWE-1162018

CVE-2018-9246

CRITICAL

CVSS:9.8(Critical)

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting i...

CWE-1162018

CVE-2018-9433

CRITICAL

CVSS:9.8(Critical)

In ArrayConcatVisitor of builtins-array.cc, there is a possible type confusion due to improper input validation. This could lead to remote code execution with no additional execution privileges needed...

CWE-1162018

CVE-2019-11325

CRITICAL

CVSS:9.8(Critical)

An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary...

CWE-1162019

CVE-2020-36599

CRITICAL

CVSS:9.8(Critical)

lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value.

CWE-1162020