CVE-2024-12354

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/jasontimwong/CVE/issues/2", "name": "https://github.com/jasontimwong/CVE/issues/2", "tags": ["Exploit", "Third Party Advisory"], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.287274", "name": "VDB-287274 | CTI Indicators (IOB, IOC, IOA)", "tags": ["Permissions Required", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?id.287274", "name": "VDB-287274 | SourceCodester Phone Contact Manager System User Menu MenuDisplayStart buffer overflow", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?submit.457477", "name": "Submit #457477 | SourceCodester Phone Contact Manager System V1.0 Improper Input Validation", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "https://www.sourcecodester.com/", "name": "https://www.sourcecodester.com/", "tags": ["Product"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability, which was classified as critical, was found in SourceCodester Phone Contact Manager System 1.0. Affected is the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation leads to buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-787"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-12354", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}}, "publishedDate": "2024-12-09T02:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:razormist:phone_contact_manager_system:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-12-10T23:36Z"}