CVE-2024-1432

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22 and classified as problematic. This issue affects the function apply_xseg of the file main.py. The manipulation leads to deserialization. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253391. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS v3 5.0 MEDIUM
CVSS v2.0 5.1 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.6 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

5.1^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/bayuncao/vul-cve-12
https://vuldb.com/?ctiid.253391
https://vuldb.com/?id.253391

Configurations

No configuration.

History

13 Feb 2024, 08:16

Type	Values Removed	Values Added
Summary		(es) NO COMPATIBLE CUANDO SE ASIGNÓ Se encontró una vulnerabilidad en DF.wf.288res.384.92.72.22 previamente entrenado en DeepFaceLab y se clasificó como problemática. Este problema afecta la función apply_xseg del archivo main.py. La manipulación conduce a la deserialización. El ataque puede iniciarse de forma remota. La complejidad de un ataque es bastante alta. Se sabe que la explotación es difícil. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-253391. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante.

11 Feb 2024, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-11 03:15

Updated : 2024-04-11 01:24

NVD link : CVE-2024-1432

Mitre link : CVE-2024-1432

CVE.ORG link : CVE-2024-1432

JSON object : View

Products Affected

No product.

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2024-1432", "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 5.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.6}]}, "published": "2024-02-11T03:15:08.930", "references": [{"url": "https://github.com/bayuncao/vul-cve-12", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.253391", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.253391", "source": "cna@vuldb.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22 and classified as problematic. This issue affects the function apply_xseg of the file main.py. The manipulation leads to deserialization. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253391. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "es", "value": "** NO COMPATIBLE CUANDO SE ASIGN\u00d3 ** Se encontr\u00f3 una vulnerabilidad en DF.wf.288res.384.92.72.22 previamente entrenado en DeepFaceLab y se clasific\u00f3 como problem\u00e1tica. Este problema afecta la funci\u00f3n apply_xseg del archivo main.py. La manipulaci\u00f3n conduce a la deserializaci\u00f3n. El ataque puede iniciarse de forma remota. La complejidad de un ataque es bastante alta. Se sabe que la explotaci\u00f3n es dif\u00edcil. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-253391. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante."}], "lastModified": "2024-04-11T01:24:27.153", "sourceIdentifier": "cna@vuldb.com"}