KEVIntel
CVSS 7.5 High

CVE-2023-40711

PUBLISHED


Exploited in the wild · Remote · Low complexity · No user interaction
Vendor: Veilid
Product: Veilid
Published: Aug 20, 2023
EPSS

Description

Veilid before 0.1.9 does not check the size of uncompressed data during decompression upon an envelope receipt, which allows remote attackers to cause a denial of service (out-of-memory abort) via crafted packet data, as exploited in the wild in August 2023.

CVSS scores

CVSS v3.1 7.5 High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitation status

Exploited in the wild

Recorded 2023-08-20 00:00:00 UTC

SSVC decision points

Exploitation: none
Automatable: Yes
Technical impact: partial

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CVE Aug 20, 2023

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel