Main Vulnerability Database Vulnerabilities #VU64874

#VU64874 Input validation error in dicer - CVE-2022-24434

Published: July 4, 2022

Vulnerability identifier: #VU64874

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-24434

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
dicer

Software vendor:
mscdex

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a modified form to server, and crash the nodejs service. An attacker can sent the payload again and again so that the service continuously crashes.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://snyk.io/vuln/SNYK-JS-DICER-2311764
https://github.com/mscdex/dicer/pull/22/commits/b7fca2e93e8e9d4439d8acc5c02f5e54a0112dac
https://github.com/mscdex/dicer/pull/22
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2838865
https://github.com/advisories/GHSA-wm7h-9275-46v2

#VU64874 Input validation error in dicer - CVE-2022-24434

Description

Remediation

External links

Please verify you're human