CVE-2024-54159

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

29/11/2024

Last modified:

03/12/2024

Description

stalld through 1.19.7 allows local users to cause a denial of service (file overwrite) via a /tmp/rtthrottle symlink attack.

Impact

Vector 3.x

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L CVSS v3.1 Severity and Metrics:

Base Score: 4.10 MEDIUM
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L

Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): None
Integrity (I): Low
Availability (A): Low

Base Score 3.x

4.10

Severity 3.x

MEDIUM

References to Advisories, Solutions, and Tools

https://cwe.mitre.org/data/definitions/61.html
https://security.opensuse.org/2024/11/29/stalld-fixed-tmp-file.html
https://www.openwall.com/lists/oss-security/2024/11/29/3