PT-2024-26267 · Unknown · Taurusxin Ncmdump
Helson-S
·
Published
2024-05-20
·
Updated
2024-05-20
·
CVE-2024-34952
CVSS v3.1
5.0
Medium
| Vector | AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
taurusxin ncmdump version 1.3.2
Description
The issue is related to a segmentation violation via the
NeteaseCrypt::FixMetadata() function. This allows attackers to cause a Denial of Service (DoS) by using a crafted .ncm file. The vulnerability is located at /src/ncmcrypt.cpp.Recommendations
For version 1.3.2, consider disabling the
NeteaseCrypt::FixMetadata() function as a temporary workaround until a patch is available. Restrict access to crafted .ncm files to minimize the risk of exploitation.Exploit
Fix
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Taurusxin Ncmdump