Home > Vulnerability Database > CVE-2024-10838

Mend.io Vulnerability Database

CVE-2024-10838

Date: March 12, 2025

An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. This may result into secret data or pointers revealing the layout of the address space to be included into a deserialized data structure, which may potentially lead to thread crashes or cause denial of service conditions.

Severity Score

9.1

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-10838

Url: https://github.com/eclipse-cyclonedds/cyclonedds/security/advisories/GHSA-6jj6-w25p-jc42

Url: https://gitlab.eclipse.org/security/cve-assignement/-/issues/46

Url: https://github.com/eclipse-cyclonedds/cyclonedds/releases/tag/0.10.5

Url: https://www.mend.io/vulnerability-database/CVE-2024-10838

Severity Score

9.1

Weakness Type (CWE)

Integer Underflow (Wrap or Wraparound)

CWE-191

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-10838

Date: March 12, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?