CVE-2024-43380
CVE-2024-43380 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. fugit contains time tools for flor and the floraison group. The fugit "natural" parser, which turns "every wednesday at 5pm" into "0 17 * * 3", accepted input of any length and kept attempting to parse it instead of returning promptly as expected. EPSS estimates a 0.79% chance of exploitation in the next 30 days.
Description
fugit contains time tools for flor and the floraison group. The fugit "natural" parser, which turns "every wednesday at 5pm" into "0 17 * * 3", accepted input of any length and kept attempting to parse it instead of returning promptly as expected. A parse call could hold its thread with no end in sight. Fugit dependents that do not check (user) input length for plausibility are impacted. A fix was released in fugit 1.11.1.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Floraison | Fugit | < 1.11.1 |
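One way to check a project against the affected range above and to bound input before it reaches the natural parser, as an added example that is not code from fugit or from the advisory. The function names, the 256-character limit and the sample lockfile are assumptions made for illustration.

```ruby
# Added example: names, the length limit and the sample lockfile are assumptions.
FIXED_VERSION = Gem::Version.new("1.11.1") # first fixed release per the advisory
MAX_NAT_INPUT = 256 # assumed plausibility limit; tune to your application

# Return the fugit versions pinned in Gemfile.lock text (the "specs:" entries,
# indented four spaces, e.g. "    fugit (1.11.0)").
def fugit_versions(lockfile_text)
  lockfile_text.each_line.filter_map do |line|
    m = line.match(/\A {4}fugit \(([^)\s]+)\)\s*\z/)
    Gem::Version.new(m[1]) if m && Gem::Version.correct?(m[1])
  end
end

# True when any pinned fugit version is below the fixed release.
def vulnerable_fugit?(lockfile_text)
  fugit_versions(lockfile_text).any? { |v| v < FIXED_VERSION }
end

# Length gate for callers that cannot upgrade yet: reject implausibly long
# strings before handing them to the parser. `parser` is any callable; with
# fugit installed it could be ->(s) { Fugit::Nat.parse(s) }.
def bounded_nat_parse(input, parser, limit: MAX_NAT_INPUT)
  text = input.to_s
  raise ArgumentError, "schedule string exceeds #{limit} chars" if text.length > limit
  parser.call(text)
end

# Constructed sample lockfile, not from a real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      et-orbi (1.2.11)
        tzinfo
      fugit (1.11.0)
        et-orbi (~> 1, >= 1.2.11)
        raabro (~> 1.4)
      raabro (1.4.0)

  DEPENDENCIES
    fugit
LOCK
```

The length gate is a stopgap for dependents that accept user-supplied schedule strings; upgrading to fugit 1.11.1 or later is the fix the advisory names.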
Timeline
- Status: Analyzed
Source: NVD / NIST
