CVE-2024-1432 - Vulnerability Details - OpenCVE

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22 and classified as problematic. This issue affects the function apply_xseg of the file main.py. The manipulation leads to deserialization. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253391. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://github.com/bayuncao/vul-cve-12
https://vuldb.com/?ctiid.253391
https://vuldb.com/?id.253391

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-02-11T03:00:07.400Z

Updated: 2024-08-01T18:40:21.013Z

Reserved: 2024-02-10T10:33:45.606Z

Link: CVE-2024-1432

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2024-02-11T03:15:08.930

Modified: 2024-11-21T08:50:34.387

Link: CVE-2024-1432

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1432", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-02-10T10:33:45.606Z", "datePublished": "2024-02-11T03:00:07.400Z", "dateUpdated": "2024-08-01T18:40:21.013Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-02-13T13:41:31.741Z"}, "title": "DeepFaceLab main.py apply_xseg deserialization", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-502", "lang": "en", "description": "CWE-502 Deserialization"}]}], "affected": [{"vendor": "n/a", "product": "DeepFaceLab", "versions": [{"version": "pretrained DF.wf.288res.384.92.72.22", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22 and classified as problematic. This issue affects the function apply_xseg of the file main.py. The manipulation leads to deserialization. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253391. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "de", "value": "Eine problematische Schwachstelle wurde in DeepFaceLab pretrained DF.wf.288res.384.92.72.22 gefunden. Es geht hierbei um die Funktion apply_xseg der Datei main.py. Mittels Manipulieren mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Die Ausnutzbarkeit gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "timeline": [{"time": "2024-02-10T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-02-10T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-02-10T11:39:09.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "bayuncao (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.253391", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.253391", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/bayuncao/vul-cve-12", "tags": ["exploit"]}], "tags": ["unsupported-when-assigned"]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:40:21.013Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.253391", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.253391", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/bayuncao/vul-cve-12", "tags": ["exploit", "x_transferred"]}]}]}}

{"cveTags": [{"sourceIdentifier": "cna@vuldb.com", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22 and classified as problematic. This issue affects the function apply_xseg of the file main.py. The manipulation leads to deserialization. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253391. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "es", "value": "** NO COMPATIBLE CUANDO SE ASIGN\u00d3 ** Se encontr\u00f3 una vulnerabilidad en DF.wf.288res.384.92.72.22 previamente entrenado en DeepFaceLab y se clasific\u00f3 como problem\u00e1tica. Este problema afecta la funci\u00f3n apply_xseg del archivo main.py. La manipulaci\u00f3n conduce a la deserializaci\u00f3n. El ataque puede iniciarse de forma remota. La complejidad de un ataque es bastante alta. Se sabe que la explotaci\u00f3n es dif\u00edcil. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-253391. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante."}], "id": "CVE-2024-1432", "lastModified": "2024-11-21T08:50:34.387", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-02-11T03:15:08.930", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/bayuncao/vul-cve-12"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.253391"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.253391"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/bayuncao/vul-cve-12"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://vuldb.com/?ctiid.253391"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://vuldb.com/?id.253391"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "cna@vuldb.com", "type": "Secondary"}]}