{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-13941", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-03-30T17:58:15.284Z", "datePublished": "2025-04-01T21:00:12.923Z", "dateUpdated": "2025-04-02T14:09:03.706Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-04-01T21:00:12.923Z"}, "title": "ouch-org ouch zip.rs convert_zip_date_time memory corruption", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "ouch-org", "product": "ouch", "versions": [{"version": "0.3.0", "status": "affected"}, {"version": "0.3.1", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in ouch-org ouch up to 0.3.1. It has been classified as critical. This affects the function ouch::archive::zip::convert_zip_date_time of the file zip.rs. The manipulation of the argument month leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 0.4.0 is able to address this issue. It is recommended to upgrade the affected component."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in ouch-org ouch bis 0.3.1 ausgemacht. Sie wurde als kritisch eingestuft. Es betrifft die Funktion ouch::archive::zip::convert_zip_date_time der Datei zip.rs. Mittels Manipulieren des Arguments month mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 0.4.0 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"}}], "timeline": [{"time": "2024-08-27T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-03-30T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-03-30T20:04:20.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "yewan (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.302055", "name": "VDB-302055 | ouch-org ouch zip.rs convert_zip_date_time memory corruption", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.302055", "name": "VDB-302055 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.524511", "name": "Submit #524511 | ouch-org ouch 0.3.1 Memory Corruption", "tags": ["third-party-advisory"]}, {"url": "https://github.com/ouch-org/ouch/issues/707", "tags": ["issue-tracking"]}, {"url": "https://github.com/rustsec/advisory-db/pull/2084/files", "tags": ["issue-tracking"]}, {"url": "https://github.com/user-attachments/files/16767988/ouch.crash.report.docx", "tags": ["exploit"]}, {"url": "https://github.com/ouch-org/ouch/releases/tag/0.4.0", "tags": ["patch"]}]}, "adp": [{"references": [{"url": "https://github.com/ouch-org/ouch/issues/707", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-02T13:59:16.710875Z", "id": "CVE-2024-13941", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-02T14:09:03.706Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-13941", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-02T13:59:16.710875Z"}}}], "references": [{"url": "https://github.com/ouch-org/ouch/issues/707", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-02T14:00:57.109Z"}}], "cna": {"title": "ouch-org ouch zip.rs convert_zip_date_time memory corruption", "credits": [{"lang": "en", "type": "reporter", "value": "yewan (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"}}], "affected": [{"vendor": "ouch-org", "product": "ouch", "versions": [{"status": "affected", "version": "0.3.0"}, {"status": "affected", "version": "0.3.1"}]}], "timeline": [{"lang": "en", "time": "2024-08-27T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-03-30T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-03-30T20:04:20.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.302055", "name": "VDB-302055 | ouch-org ouch zip.rs convert_zip_date_time memory corruption", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.302055", "name": "VDB-302055 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.524511", "name": "Submit #524511 | ouch-org ouch 0.3.1 Memory Corruption", "tags": ["third-party-advisory"]}, {"url": "https://github.com/ouch-org/ouch/issues/707", "tags": ["issue-tracking"]}, {"url": "https://github.com/rustsec/advisory-db/pull/2084/files", "tags": ["issue-tracking"]}, {"url": "https://github.com/user-attachments/files/16767988/ouch.crash.report.docx", "tags": ["exploit"]}, {"url": "https://github.com/ouch-org/ouch/releases/tag/0.4.0", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in ouch-org ouch up to 0.3.1. It has been classified as critical. This affects the function ouch::archive::zip::convert_zip_date_time of the file zip.rs. The manipulation of the argument month leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 0.4.0 is able to address this issue. It is recommended to upgrade the affected component."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in ouch-org ouch bis 0.3.1 ausgemacht. Sie wurde als kritisch eingestuft. Es betrifft die Funktion ouch::archive::zip::convert_zip_date_time der Datei zip.rs. Mittels Manipulieren des Arguments month mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 0.4.0 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-04-01T21:00:12.923Z"}}}, "cveMetadata": {"cveId": "CVE-2024-13941", "state": "PUBLISHED", "dateUpdated": "2025-04-02T14:09:03.706Z", "dateReserved": "2025-03-30T17:58:15.284Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-04-01T21:00:12.923Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in ouch-org ouch up to 0.3.1. It has been classified as critical. This affects the function ouch::archive::zip::convert_zip_date_time of the file zip.rs. The manipulation of the argument month leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 0.4.0 is able to address this issue. It is recommended to upgrade the affected component."}], "id": "CVE-2024-13941", "lastModified": "2025-04-02T14:58:07.527", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "[email protected]", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-04-01T21:15:41.807", "references": [{"source": "[email protected]", "url": "https://github.com/ouch-org/ouch/issues/707"}, {"source": "[email protected]", "url": "https://github.com/ouch-org/ouch/releases/tag/0.4.0"}, {"source": "[email protected]", "url": "https://github.com/rustsec/advisory-db/pull/2084/files"}, {"source": "[email protected]", "url": "https://github.com/user-attachments/files/16767988/ouch.crash.report.docx"}, {"source": "[email protected]", "url": "https://vuldb.com/?ctiid.302055"}, {"source": "[email protected]", "url": "https://vuldb.com/?id.302055"}, {"source": "[email protected]", "url": "https://vuldb.com/?submit.524511"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/ouch-org/ouch/issues/707"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "[email protected]", "type": "Secondary"}]}

{}