216.73.217.64

CVE-2024-43380

· Published 19/08/2024 15:15 · Modified 21/08/2024 12:38

Labels: CVE-2024-43380 2024-08-19CVE-2024-43380CWE-400NVD-CWE-noinfo[email protected]

Essential information

Published
19/08/2024 15:15
Modified
21/08/2024 12:38
Author
Creator
CVSS
7.5 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

fugit contains time tools for flor and the floraison group. The fugit "natural" parser, that turns "every wednesday at 5pm" into "0 17 * * 3", accepted any length of input and went on attempting to parse it, not returning promptly, as expected. The parse call could hold the thread with no end in sight. Fugit dependents that do not check (user) input length for plausibility are impacted. A fix was released in fugit 1.11.1.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
floraison / fugit cpe:2.3:a:floraison:fugit:*:*:*:*:*:ruby:*:*

References