Telerik Document Processing Libraries: Denial of Service via Resource Exhaustion
CVE-2024-8049 Published on November 13, 2024
Telerik Document Processing Improper Handling of Memory Resources
In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use of computing resources leaving the application process unavailable.
Vulnerability Analysis
CVE-2024-8049 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
Excessive Iteration
The software performs an iteration or loop without sufficiently limiting the number of times that the loop is executed. If the iteration can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory. In many cases, a loop does not need to be infinite in order to cause enough resource consumption to adversely affect the software or its host system; it depends on the amount of resources consumed per iteration.
Products Associated with CVE-2024-8049
Want to know whenever a new CVE is published for Progress Telerik Document Processing Libraries? stack.watch will email you.
Affected Versions
Progress Software Telerik Document Processing Libraries:- Version 1.0.0 and below 2024.4.1106 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.