CVE-2024-10838

Critical CVSS 9.1

Overview

An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. This may result into secret data or pointers revealing the layout of the address space to be included into a deserialized data structure, which may potentially lead to thread crashes or cause denial of service conditions.

CWE: CWE-191 Published: 2025-03-12T13:15:36.060

Risk analysis

This vulnerability is rated 🔴 CRITICAL.

CVSS: 9.1 (CRITICAL)
Detected tags: deserialization, dos, int_overflow (tag impact: HIGH)

Recommended actions:

Avoid untrusted deserialization; prefer safe formats (JSON) and signatures.
Rate limiting, resource quotas and circuit breakers.
Enforce authentication/authorization; reduce default endpoint exposure.

Overview

Recommended tools

Tags