Unicode Normalization Vulnerability Affects Yeti Forensics Intelligence Platform Prior to Version 2.1.11
CVE-2024-45412

7.5HIGH

Key Information:

Vendor
Yeti-platform
Status
Yeti
Vendor
CVE Published:
10 September 2024

Summary

The Yeti Forensics Intelligence platform is impacted by a vulnerability that allows for remote user-controlled data tags to invoke a costly Unicode normalization process under Windows. This overload can lead to denial of service, especially when using specific Unicode characters that can significantly increase payload sizes. The vulnerability is present in all versions prior to 2.1.11, with a patch available in version 2.1.11 that addresses these issues. It is critical for users of the platform to update promptly to safeguard against potential service disruptions caused by this vulnerability.

Affected Version(s)

yeti < 2.1.11

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.