CVE-2024-34952 - Vulnerability Details - OpenCVE

taurusxin ncmdump v1.3.2 was discovered to contain a segmentation violation via the NeteaseCrypt::FixMetadata() function at /src/ncmcrypt.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted .ncm file.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Taurusxin	Ncmdump

No data.

No data.

References

Link	Providers
https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/dos_FixMetadata.assets/debug-coredump.png
https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/dos_FixMetadata.md
https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/poc/I1DWE0~U
https://github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_FixMetadata
https://github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_FixMetadata/poc
https://github.com/taurusxin/ncmdump/issues/18

History

Sun, 13 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00058}`	epss `{'score': 0.00075}`

Thu, 27 Mar 2025 20:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476
Metrics		cvssV3_1 `{'score': 5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-05-20T13:09:50.516Z

Updated: 2025-03-27T19:23:18.034Z

Reserved: 2024-05-09T00:00:00.000Z

Link: CVE-2024-34952

Vulnrichment

Updated: 2024-08-02T02:59:22.649Z

NVD

Status : Awaiting Analysis

Published: 2024-05-20T14:15:09.480

Modified: 2025-03-27T20:15:26.297

Link: CVE-2024-34952

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-34952", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-03-27T19:23:18.034Z", "datePublished": "2024-05-20T13:09:50.516Z", "dateReserved": "2024-05-09T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-20T13:09:50.833Z"}, "descriptions": [{"lang": "en", "value": "taurusxin ncmdump v1.3.2 was discovered to contain a segmentation violation via the NeteaseCrypt::FixMetadata() function at /src/ncmcrypt.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted .ncm file."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_FixMetadata"}, {"url": "https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/dos_FixMetadata.md"}, {"url": "https://github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_FixMetadata/poc"}, {"url": "https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/poc/I1DWE0~U"}, {"url": "https://github.com/taurusxin/ncmdump/issues/18"}, {"url": "https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/dos_FixMetadata.assets/debug-coredump.png"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-476", "lang": "en", "description": "CWE-476 NULL Pointer Dereference"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-05-21T15:10:33.460567Z", "id": "CVE-2024-34952", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-27T19:23:18.034Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:59:22.649Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_FixMetadata", "tags": ["x_transferred"]}, {"url": "https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/dos_FixMetadata.md", "tags": ["x_transferred"]}, {"url": "https://github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_FixMetadata/poc", "tags": ["x_transferred"]}, {"url": "https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/poc/I1DWE0~U", "tags": ["x_transferred"]}, {"url": "https://github.com/taurusxin/ncmdump/issues/18", "tags": ["x_transferred"]}, {"url": "https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/dos_FixMetadata.assets/debug-coredump.png", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_FixMetadata", "tags": ["x_transferred"]}, {"url": "https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/dos_FixMetadata.md", "tags": ["x_transferred"]}, {"url": "https://github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_FixMetadata/poc", "tags": ["x_transferred"]}, {"url": "https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/poc/I1DWE0~U", "tags": ["x_transferred"]}, {"url": "https://github.com/taurusxin/ncmdump/issues/18", "tags": ["x_transferred"]}, {"url": "https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/dos_FixMetadata.assets/debug-coredump.png", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:59:22.649Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-34952", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-21T15:10:33.460567Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-21T15:10:37.799Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_FixMetadata"}, {"url": "https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/dos_FixMetadata.md"}, {"url": "https://github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_FixMetadata/poc"}, {"url": "https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/poc/I1DWE0~U"}, {"url": "https://github.com/taurusxin/ncmdump/issues/18"}, {"url": "https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/dos_FixMetadata.assets/debug-coredump.png"}], "descriptions": [{"lang": "en", "value": "taurusxin ncmdump v1.3.2 was discovered to contain a segmentation violation via the NeteaseCrypt::FixMetadata() function at /src/ncmcrypt.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted .ncm file."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-20T13:09:50.833Z"}}}, "cveMetadata": {"cveId": "CVE-2024-34952", "state": "PUBLISHED", "dateUpdated": "2025-03-27T19:23:18.034Z", "dateReserved": "2024-05-09T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-05-20T13:09:50.516Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "taurusxin ncmdump v1.3.2 was discovered to contain a segmentation violation via the NeteaseCrypt::FixMetadata() function at /src/ncmcrypt.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted .ncm file."}, {"lang": "es", "value": " Se descubri\u00f3 que taurusxin ncmdump v1.3.2 conten\u00eda una infracci\u00f3n de segmentaci\u00f3n a trav\u00e9s de la funci\u00f3n NeteaseCrypt::FixMetadata() en /src/ncmcrypt.cpp. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de un archivo .ncm manipulado."}], "id": "CVE-2024-34952", "lastModified": "2025-03-27T20:15:26.297", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-20T14:15:09.480", "references": [{"source": "[email protected]", "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/dos_FixMetadata.assets/debug-coredump.png"}, {"source": "[email protected]", "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/dos_FixMetadata.md"}, {"source": "[email protected]", "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/poc/I1DWE0~U"}, {"source": "[email protected]", "url": "https://github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_FixMetadata"}, {"source": "[email protected]", "url": "https://github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_FixMetadata/poc"}, {"source": "[email protected]", "url": "https://github.com/taurusxin/ncmdump/issues/18"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/dos_FixMetadata.assets/debug-coredump.png"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/dos_FixMetadata.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/poc/I1DWE0~U"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_FixMetadata"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_FixMetadata/poc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/taurusxin/ncmdump/issues/18"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}