SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service (DoS) by using the predicted transaction ID's to terminate other transactions.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/steve-community/steve/issues/1296 |
History
Wed, 16 Oct 2024 20:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Steve Project
Steve Project steve |
|
Weaknesses | CWE-331 | |
CPEs | cpe:2.3:a:steve_project:steve:3.6.0:*:*:*:*:*:*:* | |
Vendors & Products |
Steve Project
Steve Project steve |
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-02-13T00:00:00
Updated: 2024-08-01T23:44:08.684Z
Reserved: 2024-02-07T00:00:00
Link: CVE-2024-25407
Vulnrichment
No data.
NVD
Status : Modified
Published: 2024-02-13T01:15:08.470
Modified: 2024-11-21T09:00:45.103
Link: CVE-2024-25407
Redhat
No data.