Unicode Normalization Vulnerability Affects Yeti Forensics Intelligence Platform Prior to Version 2.1.11
CVE-2024-45412
7.5HIGH
Key Information:
- Vendor
- Yeti-platform
- Status
- Yeti
- Vendor
- CVE Published:
- 10 September 2024
Summary
The Yeti Forensics Intelligence platform is impacted by a vulnerability that allows for remote user-controlled data tags to invoke a costly Unicode normalization process under Windows. This overload can lead to denial of service, especially when using specific Unicode characters that can significantly increase payload sizes. The vulnerability is present in all versions prior to 2.1.11, with a patch available in version 2.1.11 that addresses these issues. It is critical for users of the platform to update promptly to safeguard against potential service disruptions caused by this vulnerability.
Affected Version(s)
yeti < 2.1.11
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database