Uncontrolled Resource Consumption vulnerability on Sandsprite scdbg
Scdbg, version 1.0.
INCIBE has coordinated the publication of 1 vulnrability that affects sandsprite v1.0, shellcode analysis application, with HIGH severity which has been discovered by Rafael Pedrero.
This vulnerability have been assigned the following code, CVSS v3.1 base score, CVSS vector and the CWE vulnerability type of each vulnerability:
- CVE-2024-0581: 4.0 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | CWE-400.
The reported vulnerability has been fixed. It is recommended to upgrade to the latest software version of the affected product.
CVE-2021-0029: An Uncontrolled Resource Consumption vulnerability has been found on Sandsprite Scdbg.exe, affecting version 1.0. This vulnerability allows an attacker to send a specially crafted shellcode payload to the '/foff' parameter and cause an application shutdown. A malware program could use this shellcode sequence to shut down the application and evade the scan.