CVE-2024-22682

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-22682
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

19 Jul 2024, 19:15

Type Values Removed Values Added
CWE CWE-89
Summary
  • (es) DuckDB <=0.9.2 y DuckDB extension-template <=0.9.2 son vulnerables a la inyección de extensiones maliciosas a través de la función de extensión personalizada.
Summary (en) DuckDB <=0.9.2 and DuckDB extension-template <=0.9.2 are vulnerable to malicious extension injection via the custom extension feature. NOTE: this is disputed by the vendor because the report only demonstrates that an attacker with access to a victim's privileges can replace any file with any other file. (en) Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CPE cpe:2.3:a:duckdb:duckdb:*:*:*:*:*:*:*:*
References
  • {'url': 'https://github.com/Tu0Laj1/database_test', 'tags': ['Exploit', 'Third Party Advisory'], 'source': 'cve@mitre.org'}
  • {'url': 'https://github.com/duckdb/duckdb/discussions/12893', 'source': 'cve@mitre.org'}
CVSS v2 : unknown
v3 : 9.8 		v2 : unknown
v3 : unknown

19 Jul 2024, 17:15

Type Values Removed Values Added
References
  • () https://github.com/duckdb/duckdb/discussions/12893 -

18 Jul 2024, 19:15

Type Values Removed Values Added
Summary (en) DuckDB <=0.9.2 and DuckDB extension-template <=0.9.2 are vulnerable to malicious extension injection via the custom extension feature. (en) DuckDB <=0.9.2 and DuckDB extension-template <=0.9.2 are vulnerable to malicious extension injection via the custom extension feature. NOTE: this is disputed by the vendor because the report only demonstrates that an attacker with access to a victim's privileges can replace any file with any other file.

05 Feb 2024, 21:47

Type Values Removed Values Added
CWE CWE-89
First Time Duckdb
Duckdb duckdb
References () https://github.com/Tu0Laj1/database_test - () https://github.com/Tu0Laj1/database_test - Exploit, Third Party Advisory
CPE cpe:2.3:a:duckdb:duckdb:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8

30 Jan 2024, 01:16

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-30 01:16

Updated : 2024-07-19 19:15

NVD link : CVE-2024-22682

Mitre link : CVE-2024-22682

CVE.ORG link : CVE-2024-22682

JSON object : View

Products Affected

No product.

CWE

No CWE.