Last active
June 27, 2024 11:30
-
-
Save MILPDS/e9da6d07ba1789defacec08f2f03293d to your computer and use it in GitHub Desktop.
CVE-2024-37571
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### CVE Vulnerability Disclosure | |
| **CVE-ID:** CVE-2024-37571 | |
| **Description:** | |
| An issue was discovered in SAS Broker 9.2 build 1495. Crafting an integer overflow condition in the debug functionality allows a user to achieve a denial of service (DoS) and/or retrieve information about the software version and build number. | |
| **Vulnerability Type:** | |
| Buffer Overflow | |
| **Vendor of Product:** | |
| SAS: Data and AI Solutions | |
| [https://www.sas.com/en_us/home.html](https://www.sas.com/en_us/home.html) | |
| **Affected Product Code Base:** | |
| SAS Broker - V9.2, build 1495 | |
| **Affected Component:** | |
| Affected function | |
| **Attack Type:** | |
| Remote | |
| **Impact Denial of Service:** | |
| True | |
| **Impact Information Disclosure:** | |
| True | |
| **Attack Vectors:** | |
| To exploit this vulnerability, the user crafts a large integer payload for the `_debug` parameter. This causes an integer overflow, resulting in the application displaying an error page revealing the software's version and build number. Additionally, the application may restart unexpectedly. | |
| **Reference:** | |
| [https://www.sas.com/en_us/home.html](https://www.sas.com/en_us/home.html) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment