CVE-2024-3207 - Vulnerability Details - OpenCVE

A vulnerability was found in ermig1979 Simd up to 6.0.134. It has been declared as critical. This vulnerability affects the function ReadUnsigned of the file src/Simd/SimdMemoryStream.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. VDB-259054 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00152.

Key SSVC decision points have not yet been added.

Vendors	Products
Ermig1979	Simd

Configuration 1 [-]

cpe:2.3:a:ermig1979:simd:*:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://drive.google.com/drive/folders/1z0JBsZ-QR3RsuAf-uyit_ZGXCh0rEvFq?usp=sharing
https://vuldb.com/?ctiid.259054
https://vuldb.com/?id.259054
https://vuldb.com/?submit.304572

History

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00092}`	epss `{'score': 0.00108}`

Fri, 25 Apr 2025 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ermig1979 Ermig1979 simd
CPEs		cpe:2.3:a:ermig1979:simd::::::::
Vendors & Products		Ermig1979 Ermig1979 simd

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-04-02T22:31:07.068Z

Updated: 2024-08-21T14:43:17.804Z

Reserved: 2024-04-02T16:44:51.205Z

Link: CVE-2024-3207

Vulnrichment

Updated: 2024-08-01T20:05:07.496Z

NVD

Status : Analyzed

Published: 2024-04-02T23:15:54.853

Modified: 2025-04-25T14:38:36.010

Link: CVE-2024-3207

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3207", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-04-02T16:44:51.205Z", "datePublished": "2024-04-02T22:31:07.068Z", "dateUpdated": "2024-08-21T14:43:17.804Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-04-02T22:31:07.068Z"}, "title": "ermig1979 Simd SimdMemoryStream.h ReadUnsigned heap-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-122", "lang": "en", "description": "CWE-122 Heap-based Buffer Overflow"}]}], "affected": [{"vendor": "ermig1979", "product": "Simd", "versions": [{"version": "6.0.134", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in ermig1979 Simd up to 6.0.134. It has been declared as critical. This vulnerability affects the function ReadUnsigned of the file src/Simd/SimdMemoryStream.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. VDB-259054 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "In ermig1979 Simd bis 6.0.134 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion ReadUnsigned der Datei src/Simd/SimdMemoryStream.h. Durch Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.2, "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"}}], "timeline": [{"time": "2024-04-02T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-04-02T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-04-02T18:50:58.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "AlkaidLx (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.259054", "name": "VDB-259054 | ermig1979 Simd SimdMemoryStream.h ReadUnsigned heap-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.259054", "name": "VDB-259054 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.304572", "name": "Submit #304572 | Simd Simd commit a1580a5fb13e2f8c78715afb0bc47e44519ccd32 heap-buffer-overflow", "tags": ["third-party-advisory"]}, {"url": "https://drive.google.com/drive/folders/1z0JBsZ-QR3RsuAf-uyit_ZGXCh0rEvFq?usp=sharing", "tags": ["exploit"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:05:07.496Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.259054", "name": "VDB-259054 | ermig1979 Simd SimdMemoryStream.h ReadUnsigned heap-based overflow", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.259054", "name": "VDB-259054 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://vuldb.com/?submit.304572", "name": "Submit #304572 | Simd Simd commit a1580a5fb13e2f8c78715afb0bc47e44519ccd32 heap-buffer-overflow", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://drive.google.com/drive/folders/1z0JBsZ-QR3RsuAf-uyit_ZGXCh0rEvFq?usp=sharing", "tags": ["exploit", "x_transferred"]}]}, {"affected": [{"vendor": "ermig1979", "product": "simd", "cpes": ["cpe:2.3:a:ermig1979:simd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.0.134", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-21T14:41:43.421031Z", "id": "CVE-2024-3207", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-21T14:43:17.804Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.259054", "name": "VDB-259054 | ermig1979 Simd SimdMemoryStream.h ReadUnsigned heap-based overflow", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.259054", "name": "VDB-259054 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://vuldb.com/?submit.304572", "name": "Submit #304572 | Simd Simd commit a1580a5fb13e2f8c78715afb0bc47e44519ccd32 heap-buffer-overflow", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://drive.google.com/drive/folders/1z0JBsZ-QR3RsuAf-uyit_ZGXCh0rEvFq?usp=sharing", "tags": ["exploit", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:05:07.496Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3207", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-21T14:41:43.421031Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ermig1979:simd:*:*:*:*:*:*:*:*"], "vendor": "ermig1979", "product": "simd", "versions": [{"status": "affected", "version": "6.0.134"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-21T14:43:11.142Z"}}], "cna": {"title": "ermig1979 Simd SimdMemoryStream.h ReadUnsigned heap-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "AlkaidLx (VulDB User)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.2, "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"}}], "affected": [{"vendor": "ermig1979", "product": "Simd", "versions": [{"status": "affected", "version": "6.0.134"}]}], "timeline": [{"lang": "en", "time": "2024-04-02T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-04-02T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-04-02T18:50:58.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.259054", "name": "VDB-259054 | ermig1979 Simd SimdMemoryStream.h ReadUnsigned heap-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.259054", "name": "VDB-259054 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.304572", "name": "Submit #304572 | Simd Simd commit a1580a5fb13e2f8c78715afb0bc47e44519ccd32 heap-buffer-overflow", "tags": ["third-party-advisory"]}, {"url": "https://drive.google.com/drive/folders/1z0JBsZ-QR3RsuAf-uyit_ZGXCh0rEvFq?usp=sharing", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in ermig1979 Simd up to 6.0.134. It has been declared as critical. This vulnerability affects the function ReadUnsigned of the file src/Simd/SimdMemoryStream.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. VDB-259054 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "In ermig1979 Simd bis 6.0.134 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion ReadUnsigned der Datei src/Simd/SimdMemoryStream.h. Durch Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-04-02T22:31:07.068Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3207", "state": "PUBLISHED", "dateUpdated": "2024-08-21T14:43:17.804Z", "dateReserved": "2024-04-02T16:44:51.205Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-04-02T22:31:07.068Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ermig1979:simd:*:*:*:*:*:*:*:*", "matchCriteriaId": "572340A7-7144-4B19-9E20-26A458BE41A7", "versionEndIncluding": "6.0.134", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in ermig1979 Simd up to 6.0.134. It has been declared as critical. This vulnerability affects the function ReadUnsigned of the file src/Simd/SimdMemoryStream.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. VDB-259054 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en ermig1979 Simd hasta 6.0.134. Ha sido declarada cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n ReadUnsigned del archivo src/Simd/SimdMemoryStream.h. La manipulaci\u00f3n conduce a un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-259054 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente al proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2024-3207", "lastModified": "2025-04-25T14:38:36.010", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.2, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-02T23:15:54.853", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit"], "url": "https://drive.google.com/drive/folders/1z0JBsZ-QR3RsuAf-uyit_ZGXCh0rEvFq?usp=sharing"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.259054"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.259054"}, {"source": "cna@vuldb.com", "tags": ["VDB Entry", "Exploit"], "url": "https://vuldb.com/?submit.304572"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://drive.google.com/drive/folders/1z0JBsZ-QR3RsuAf-uyit_ZGXCh0rEvFq?usp=sharing"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.259054"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.259054"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry", "Exploit"], "url": "https://vuldb.com/?submit.304572"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "cna@vuldb.com", "type": "Secondary"}]}