Select your cookie preferences

We use cookies and similar tools to enhance your experience, provide our services, deliver relevant advertising, and make improvements. Approved third parties also use these tools to help us deliver advertising and provide certain site features.

CVE-2024-45338

Public on 2024-12-18
Modified on 2025-01-04
Description

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

Severity
Medium
See what this means
CVSS v3 Base Score
5.9
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2 - Core amazon-cloudwatch-agent 2025-02-26 22:35 ALAS2-2025-2779
Amazon Linux 2023 amazon-cloudwatch-agent 2025-02-26 23:14 ALAS2023-2025-880
Amazon Linux 2023 ecs-init 2025-02-26 23:14 ALAS2023-2025-879
Amazon Linux 2 - Core nerdctl 2025-01-30 22:56 ALAS2-2025-2749
Amazon Linux 2023 nerdctl 2025-01-30 03:53 ALAS2023-2025-833
Amazon Linux 2 - Docker Extra runfinch-finch 2025-01-21 20:23 ALAS2DOCKER-2025-048
Amazon Linux 2 - Docker Extra runfinch-finch 2025-01-31 05:43 ALAS2DOCKER-2025-050
Amazon Linux 2023 runfinch-finch 2025-01-30 03:53 ALAS2023-2025-834
Amazon Linux 2023 runfinch-finch 2025-01-21 23:11 ALAS2023-2025-816
Amazon Linux 2 - Docker Extra soci-snapshotter 2025-02-12 23:08 ALAS2DOCKER-2025-052
Amazon Linux 2023 soci-snapshotter 2025-02-12 22:57 ALAS2023-2025-858

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
NVD CVSSv3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References

Red Hat: CVE-2024-45338 Mitre: CVE-2024-45338 FAQs regarding Amazon Linux ALAS/CVE Severity