Unicode Normalization Vulnerability Affects Yeti Forensics Intelligence Platform Prior to Version 2.1.11
CVE-2024-45412

7.5HIGH

Key Information:

Vendor: Yeti-platform
Status: Yeti
Vendor: CVE Published:; 10 September 2024

🔔 Create Yeti-platform Vulnerability Alert

What is CVE-2024-45412?

The Yeti Forensics Intelligence platform is impacted by a vulnerability that allows for remote user-controlled data tags to invoke a costly Unicode normalization process under Windows. This overload can lead to denial of service, especially when using specific Unicode characters that can significantly increase payload sizes. The vulnerability is present in all versions prior to 2.1.11, with a patch available in version 2.1.11 that addresses these issues. It is critical for users of the platform to update promptly to safeguard against potential service disruptions caused by this vulnerability.