CVE-2024-30249 - OpenCVE

Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to `1.0.0.CR1-20240330.101522-15` impacts publicly accessible software depending on the affected versions of Network and allows an attacker to use Network as an amplification vector for a UDP denial of service attack against a third party or as an attempt to trigger service suspension of the host. All consumers of the library should upgrade to at least version `1.0.0.CR1-20240330.101522-15` to receive a fix. There are no known workarounds beyond updating the library.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://github.com/CloudburstMC/Network/security/advisories/GHSA-6h3m-c6fv-8hvh

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-04-04T18:42:34.012Z

Updated: 2024-08-21T14:30:49.632Z

Reserved: 2024-03-26T12:52:00.933Z

Link: CVE-2024-30249

Vulnrichment

Updated: 2024-08-02T01:32:06.628Z

NVD

Status : Awaiting Analysis

Published: 2024-04-04T19:15:08.293

Modified: 2024-04-04T19:24:50.670

Link: CVE-2024-30249

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-30249", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-03-26T12:52:00.933Z", "datePublished": "2024-04-04T18:42:34.012Z", "dateUpdated": "2024-08-21T14:30:49.632Z"}, "containers": {"cna": {"title": "Cloudburst Network DoS in RakNet connection handling", "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "lang": "en", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/CloudburstMC/Network/security/advisories/GHSA-6h3m-c6fv-8hvh", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/CloudburstMC/Network/security/advisories/GHSA-6h3m-c6fv-8hvh"}], "affected": [{"vendor": "CloudburstMC", "product": "Network", "versions": [{"version": "< 1.0.0.CR1-20240330.101522-15", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-04-04T18:42:34.012Z"}, "descriptions": [{"lang": "en", "value": "Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to `1.0.0.CR1-20240330.101522-15` impacts publicly accessible software depending on the affected versions of Network and allows an attacker to use Network as an amplification vector for a UDP denial of service attack against a third party or as an attempt to trigger service suspension of the host. All consumers of the library should upgrade to at least version `1.0.0.CR1-20240330.101522-15` to receive a fix. There are no known workarounds beyond updating the library."}], "source": {"advisory": "GHSA-6h3m-c6fv-8hvh", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:32:06.628Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/CloudburstMC/Network/security/advisories/GHSA-6h3m-c6fv-8hvh", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/CloudburstMC/Network/security/advisories/GHSA-6h3m-c6fv-8hvh"}]}, {"affected": [{"vendor": "cloudburstmc", "product": "network", "cpes": ["cpe:2.3:a:cloudburstmc:network:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.0.0.CR1-20240330.101522-15", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-21T14:25:59.942581Z", "id": "CVE-2024-30249", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-21T14:30:49.632Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/CloudburstMC/Network/security/advisories/GHSA-6h3m-c6fv-8hvh", "name": "https://github.com/CloudburstMC/Network/security/advisories/GHSA-6h3m-c6fv-8hvh", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:32:06.628Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-30249", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-21T14:25:59.942581Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:cloudburstmc:network:*:*:*:*:*:*:*:*"], "vendor": "cloudburstmc", "product": "network", "versions": [{"status": "affected", "version": "0", "lessThan": "1.0.0.CR1-20240330.101522-15", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-21T14:30:43.180Z"}}], "cna": {"title": "Cloudburst Network DoS in RakNet connection handling", "source": {"advisory": "GHSA-6h3m-c6fv-8hvh", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "CloudburstMC", "product": "Network", "versions": [{"status": "affected", "version": "< 1.0.0.CR1-20240330.101522-15"}]}], "references": [{"url": "https://github.com/CloudburstMC/Network/security/advisories/GHSA-6h3m-c6fv-8hvh", "name": "https://github.com/CloudburstMC/Network/security/advisories/GHSA-6h3m-c6fv-8hvh", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to `1.0.0.CR1-20240330.101522-15` impacts publicly accessible software depending on the affected versions of Network and allows an attacker to use Network as an amplification vector for a UDP denial of service attack against a third party or as an attempt to trigger service suspension of the host. All consumers of the library should upgrade to at least version `1.0.0.CR1-20240330.101522-15` to receive a fix. There are no known workarounds beyond updating the library."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-04-04T18:42:34.012Z"}}}, "cveMetadata": {"cveId": "CVE-2024-30249", "state": "PUBLISHED", "dateUpdated": "2024-08-21T14:30:49.632Z", "dateReserved": "2024-03-26T12:52:00.933Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-04-04T18:42:34.012Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to `1.0.0.CR1-20240330.101522-15` impacts publicly accessible software depending on the affected versions of Network and allows an attacker to use Network as an amplification vector for a UDP denial of service attack against a third party or as an attempt to trigger service suspension of the host. All consumers of the library should upgrade to at least version `1.0.0.CR1-20240330.101522-15` to receive a fix. There are no known workarounds beyond updating the library."}, {"lang": "es", "value": "Cloudburst Network proporciona componentes de red utilizados en proyectos de Cloudburst. Una vulnerabilidad en versiones anteriores a `1.0.0.CR1-20240330.101522-15` afecta el software de acceso p\u00fablico seg\u00fan las versiones afectadas de la red y permite a un atacante usar la red como vector de amplificaci\u00f3n para un ataque de denegaci\u00f3n de servicio UDP contra un tercero. o como un intento de provocar la suspensi\u00f3n del servicio del anfitri\u00f3n. Todos los consumidores de la librer\u00eda deben actualizar al menos a la versi\u00f3n `1.0.0.CR1-20240330.101522-15` para recibir una soluci\u00f3n. No se conocen workarounds m\u00e1s all\u00e1 de actualizar la librer\u00eda."}], "id": "CVE-2024-30249", "lastModified": "2024-04-04T19:24:50.670", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-04-04T19:15:08.293", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/CloudburstMC/Network/security/advisories/GHSA-6h3m-c6fv-8hvh"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "security-advisories@github.com", "type": "Secondary"}]}