How severe is CVE-2024-7531?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2024-7531?

This is classified as CWE-367, which is a common weakness in software security.

CVE-2024-7531 - MEDIUM Severity | CVSS 6.3

Vulnerability Description

Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.

Related Vulnerabilities

CVE-2012-5630

MEDIUM

CVSS:6.3(Medium)

libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees.

CWE-3672012

CVE-2020-8017

MEDIUM

CVSS:6.3(Medium)

A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software D...

CWE-3672020

CVE-2022-23563

MEDIUM

CVSS:6.3(Medium)

Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses `tempfile.mktemp` to create temporary files. While this is acceptable in testing, in utilities and librarie...

CWE-3672022

CVE-2022-3700

MEDIUM

CVSS:6.3(Medium)

A Time of Check Time of Use (TOCTOU) vulnerability was reported in the Lenovo Vantage SystemUpdate Plugin version 2.0.0.212 and earlier that could allow a local attacker to delete arbitrary files.

CWE-3672022

CVE-2023-0006

MEDIUM

CVSS:6.3(Medium)

A local file deletion vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a user to delete system files from the endpoint with elevated privileges through a race condi...

CWE-3672023

CVE-2023-1585

MEDIUM

CVSS:6.3(Medium)

Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. The issue was fixed ...

CWE-3672023