Vulnerability Description
taurusxin ncmdump v1.3.2 was discovered to contain a segmentation violation via the NeteaseCrypt::FixMetadata() function at /src/ncmcrypt.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted .ncm file.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/dos
- https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/dos
- https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/poc
- https://github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_FixMetadata
- https://github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_FixMetadata/poc
- https://github.com/taurusxin/ncmdump/issues/18
- https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/dos
- https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/dos
- https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/poc
- https://github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_FixMetadata
- https://github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_FixMetadata/poc
- https://github.com/taurusxin/ncmdump/issues/18
FAQ
What is CVE-2024-34952?
CVE-2024-34952 is a vulnerability with a CVSS score of 5.0 (MEDIUM). taurusxin ncmdump v1.3.2 was discovered to contain a segmentation violation via the NeteaseCrypt::FixMetadata() function at /src/ncmcrypt.cpp. This vulnerability allows attackers to cause a Denial of ...
How severe is CVE-2024-34952?
CVE-2024-34952 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-34952?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.