Denial-of-Service Vulnerability in Genivia gSOAP Affects Unauthenticated Remote Users
CVE-2024-4227

7.5HIGH

Key Information:

Vendor: Genivia
Status: Gsoap
Vendor: CVE Published:; 15 January 2025

Summary

A vulnerability exists in Genivia gSOAP that allows an unauthenticated remote attacker to trigger excessive CPU usage. This can occur when the software is configured to parse XML files containing duplicate ID attributes. The resultant denial of service can severely impact the performance of the affected system. It is crucial for users to ensure they are using the latest versions and adhere to the recommended configurations to mitigate this risk.

Affected Version(s)

gSOAP 2.8.24 <= 2.8.132

References

https://sourceforge.net/p/gsoap2/code/HEAD/tree/changelog.md

release-notes

https://www.genivia.com/advisory.html#Upgrade_recommendat...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 15, 2025
Vulnerability Reserved
Apr 26, 2024