CVE-2024-4227

Summary

In Genivia gSOAP with a specific configuration an unauthenticated remote attacker can generate a high CPU load when forcing to parse an XML having duplicate ID attributes which can lead to a DoS.

Affected Software

VendorProductVersion RangeStatus
GeniviagSOAP2.8.24 <= 2.8.132affected

Weaknesses

  • CWE-834: CWE-834 Excessive Iteration

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References