CVE-2024-45167

Name of the Vulnerable Software and Affected Versions UCI IDOL 2 versions through 2.12

Description The issue is caused by improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer. This makes UCI IDOL 2 vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution. A certain XmlMessage document can cause 100% CPU consumption.

Recommendations For versions through 2.12, consider disabling the processing of XmlMessage documents until a patch is available to prevent 100% CPU consumption and potential Denial-of-Service (DoS) attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.