MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function octetStream::get_bytes in /Tools/octetStream.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Vendors Products
Csiro
  • Multi-protocol Spdz
Data61
  • Mp-spdz

Configuration 1 [-]

cpe:2.3:a:csiro:multi-protocol_spdz:0.3.8:*:*:*:*:*:*:*

No data.

References
Link Providers
https://github.com/FudanMPL/Vulnerabilities-in-MPC-Framework/tree/main/MP-SPDZ/stack-buffer-overflow-octetStream cve-icon cve-icon
History

Mon, 16 Jun 2025 22:00:00 +0000

Type Values Removed Values Added
First Time appeared Csiro
Csiro multi-protocol Spdz
CPEs cpe:2.3:a:csiro:multi-protocol_spdz:0.3.8:*:*:*:*:*:*:*
Vendors & Products Csiro
Csiro multi-protocol Spdz

Fri, 25 Oct 2024 20:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-121

Fri, 25 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Data61
Data61 mp-spdz
Weaknesses CWE-125
CPEs cpe:2.3:a:data61:mp-spdz:-:*:*:*:*:*:*:*
Vendors & Products Data61
Data61 mp-spdz
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-05-07T00:00:00

Updated: 2024-10-25T19:11:42.592Z

Reserved: 2024-04-26T00:00:00

Link: CVE-2024-33781

cve-icon Vulnrichment

Updated: 2024-08-02T02:36:04.598Z

cve-icon NVD

Status : Analyzed

Published: 2024-05-07T14:15:10.880

Modified: 2025-06-16T21:45:19.070

Link: CVE-2024-33781

cve-icon Redhat

No data.