Oracle Application Testing Suite 13.3.0.1 Load Testing for Web Apps denial of service

A vulnerability was found in Oracle Application Testing Suite 13.3.0.1. It has been classified as critical. This affects an unknown part of the component Load Testing for Web Apps. The manipulation leads to denial of service. The CWE definition for the vulnerability is CWE-404. The weakness was shared 01/16/2024 as Oracle Critical Patch Update Advisory - January 2024. It is possible to read the advisory at oracle.com. This vulnerability is uniquely identified as CVE-2023-2618. It is possible to initiate the attack remotely. There are no technical details available. There is no exploit available. The pricing for an exploit might be around USD $0-$5k at the moment. The attack technique deployed by this issue is T1499 according to MITRE ATT&CK. It is declared as not defined. We expect the 0-day to have been worth approximately $5k-$25k. The bugfix is ready for download at github.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Field01/17/2024 09:0902/08/2024 08:3402/08/2024 08:35
vendorOracleOracleOracle
nameApplication Testing SuiteApplication Testing SuiteApplication Testing Suite
cveCVE-2023-2618CVE-2023-2618CVE-2023-2618
componentLoad Testing for Web AppsLoad Testing for Web AppsLoad Testing for Web Apps
risk222
cwe404 (denial of service)404 (denial of service)404 (denial of service)
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iNNN
cvss3_vuldb_aHHH
version13.3.0.113.3.0.113.3.0.1
cvss3_vuldb_rcCCC
cvss3_vuldb_rlOOO
urlhttps://www.oracle.com/security-alerts/cpujan2024.htmlhttps://www.oracle.com/security-alerts/cpujan2024.htmlhttps://www.oracle.com/security-alerts/cpujan2024.html
date1705359600 (01/16/2024)1705359600 (01/16/2024)1705359600 (01/16/2024)
identifierOracle Critical Patch Update Advisory - January 2024Oracle Critical Patch Update Advisory - January 2024Oracle Critical Patch Update Advisory - January 2024
date1705359600 (01/16/2024)1705359600 (01/16/2024)1705359600 (01/16/2024)
typeTesting SoftwareTesting SoftwareTesting Software
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auNNN
cvss2_vuldb_ciNNN
cvss2_vuldb_iiNNN
cvss2_vuldb_aiCCC
cvss2_vuldb_rcCCC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_eNDNDND
cvss3_vuldb_eXXX
cvss2_vuldb_basescore7.87.87.8
cvss2_vuldb_tempscore6.86.86.8
cvss3_vuldb_basescore7.57.57.5
cvss3_vuldb_tempscore7.27.27.2
cvss3_meta_basescore7.57.56.8
cvss3_meta_tempscore7.27.26.7
price_0day$5k-$25k$5k-$25k$5k-$25k
patch_urlhttps://github.com/opencv/opencv_contrib/pull/3484https://github.com/opencv/opencv_contrib/pull/3484
cve_assigned1683669600 (05/10/2023)1683669600 (05/10/2023)
cve_nvd_summaryA vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to memory leak. The attack may be launched remotely. The name of the patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-228548.A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to memory leak. The attack may be launched remotely. The name of the patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-228548.
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cN
cvss3_nvd_iN
cvss3_nvd_aH
cvss2_nvd_avN
cvss2_nvd_acL
cvss2_nvd_auN
cvss2_nvd_ciN
cvss2_nvd_iiN
cvss2_nvd_aiP
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prN
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cN
cvss3_cna_iN
cvss3_cna_aL
cve_cnaVulDB
cvss2_nvd_basescore5.0
cvss3_nvd_basescore7.5
cvss3_cna_basescore5.3

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!