Unicode Normalization Vulnerability Affects Yeti Forensics Intelligence Platform Prior to Version 2.1.11
CVE-2024-45412

7.5HIGH

Key Information:

Vendor

Yeti-platform

Status
Yeti
Vendor
CVE Published:
10 September 2024

What is CVE-2024-45412?

The Yeti Forensics Intelligence platform is impacted by a vulnerability that allows for remote user-controlled data tags to invoke a costly Unicode normalization process under Windows. This overload can lead to denial of service, especially when using specific Unicode characters that can significantly increase payload sizes. The vulnerability is present in all versions prior to 2.1.11, with a patch available in version 2.1.11 that addresses these issues. It is critical for users of the platform to update promptly to safeguard against potential service disruptions caused by this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

yeti < 2.1.11

References

https://github.com/yeti-platform/yeti/security/advisories...
x_refsource_CONFIRM
https://github.com/yeti-platform/yeti/commit/f1f0082e7c16...
x_refsource_MISC
https://hackerone.com/reports/2258758
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.