CVE-2024-0654 - OpenCVE

A vulnerability, which was classified as problematic, was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. Affected is an unknown function of the file mainscripts/Util.py. The manipulation leads to deserialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-251382 is the identifier assigned to this vulnerability.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Iperov	Deepfacelab

Configuration 1 [-]

cpe:2.3:a:iperov:deepfacelab:df.wf.288res.384.92.72.22:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/bayuncao/vul-cve-4
https://github.com/bayuncao/vul-cve-4/blob/main/picture/1071705290840_.pic_hd.jpg
https://vuldb.com/?ctiid.251382
https://vuldb.com/?id.251382

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-01-18T01:00:07.149Z

Updated: 2024-08-01T18:11:35.745Z

Reserved: 2024-01-17T14:26:16.294Z

Link: CVE-2024-0654

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-01-18T01:15:44.347

Modified: 2024-05-17T02:34:50.803

Link: CVE-2024-0654

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0654", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-01-17T14:26:16.294Z", "datePublished": "2024-01-18T01:00:07.149Z", "dateUpdated": "2024-08-01T18:11:35.745Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-02-09T19:12:11.048Z"}, "title": "DeepFaceLab Util.py deserialization", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-502", "lang": "en", "description": "CWE-502 Deserialization"}]}], "affected": [{"vendor": "n/a", "product": "DeepFaceLab", "versions": [{"version": "pretrained DF.wf.288res.384.92.72.22", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. Affected is an unknown function of the file mainscripts/Util.py. The manipulation leads to deserialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-251382 is the identifier assigned to this vulnerability."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in DeepFaceLab pretrained DF.wf.288res.384.92.72.22 gefunden. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei mainscripts/Util.py. Durch Beeinflussen mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"}}], "timeline": [{"time": "2024-01-17T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-01-17T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2024-01-17T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-02-10T19:43:51.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "bayuncao (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.251382", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.251382", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/bayuncao/vul-cve-4", "tags": ["broken-link"]}, {"url": "https://github.com/bayuncao/vul-cve-4/blob/main/picture/1071705290840_.pic_hd.jpg", "tags": ["broken-link", "exploit"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:11:35.745Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.251382", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.251382", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/bayuncao/vul-cve-4", "tags": ["broken-link", "x_transferred"]}, {"url": "https://github.com/bayuncao/vul-cve-4/blob/main/picture/1071705290840_.pic_hd.jpg", "tags": ["broken-link", "exploit", "x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:iperov:deepfacelab:df.wf.288res.384.92.72.22:*:*:*:*:*:*:*", "matchCriteriaId": "F080F016-24B8-4DFE-9592-D049AAAFBB54", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. Affected is an unknown function of the file mainscripts/Util.py. The manipulation leads to deserialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-251382 is the identifier assigned to this vulnerability."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en DeepFaceLab preentrenado DF.wf.288res.384.92.72.22 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo mainscripts/Util.py es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la deserializaci\u00f3n. Se requiere acceso local para abordar este ataque. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-251382 es el identificador asignado a esta vulnerabilidad."}], "id": "CVE-2024-0654", "lastModified": "2024-05-17T02:34:50.803", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-01-18T01:15:44.347", "references": [{"source": "cna@vuldb.com", "tags": ["Broken Link"], "url": "https://github.com/bayuncao/vul-cve-4"}, {"source": "cna@vuldb.com", "tags": ["Broken Link"], "url": "https://github.com/bayuncao/vul-cve-4/blob/main/picture/1071705290840_.pic_hd.jpg"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.251382"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?id.251382"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "cna@vuldb.com", "type": "Primary"}]}