CVERadar

CVE-2024-29131

Medium Severity
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.00108/1

CVE-2024-29131 is an out-of-bounds write vulnerability in Apache Commons Configuration, affecting versions from 2.0 up to but not including 2.10.1. This vulnerability allows attackers to potentially overwrite memory, leading to crashes or arbitrary code execution. The recommended action is to upgrade to version 2.10.1 as soon as possible to mitigate this risk. With an SVRS of 30, this vulnerability is not critical, but it should be addressed promptly to prevent potential exploitation. Although the CVSS score is 0, the presence of the "In The Wild" tag suggests potential active exploitation, raising the level of concern. Ignoring this vulnerability could lead to system instability or allow attackers to compromise systems using affected Apache Commons Configuration versions.

In The Wild
Vendor-advisory
2024-03-21

2025-02-13

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-29131 | Apache Commons Configuration up to 2.10.0 out-of-bounds write (FEDORA-2024-c673517dce / Nessus ID 209234)
vuldb.com, 2024-10-17
A vulnerability, which was classified as critical, has been found in Apache Commons Configuration up to 2.10.0. Affected by this issue is some unknown functionality of the component Configuration Handler. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2024-29131.

Atlassian fixed six high-severity bugs in Confluence Data Center and Server
Pierluigi Paganini, securityaffairs.co, 2024-06-20
Australian software company Atlassian addressed multiple high-severity vulnerabilities in its Confluence, Crucible, and Jira solutions. Atlassian June 2024 Security Bulletin addressed nine high-severity vulnerabilities in Confluence, Crucible, and Jira products. The most severe issue addressed by the company is an improper authorization org.springframework.security:spring-security-core dependency in Confluence Data Center and Server. The flaw tracked as CVE-2024-22257 […]

CVE-2024-29131 | Apache Commons Configuration up to 2.10.0 out-of-bounds write (FEDORA-2024-c673517dce)
vuldb.com, 2024-05-03
A vulnerability, which was classified as critical, has been found in Apache Commons Configuration up to 2.10.0. Affected by this issue is some unknown functionality of the component Configuration Handler. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2024-29131. Access to

Social Media

No tweets found for this CVE

Affected Software

No affected software found for this CVE

References

| Reference | Link |
| --- | --- |
| [email protected] | https://lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37 |
| [email protected] | https://lists.fedoraproject.org/archives/list/[email protected]/message/YD4AFTIIQW662LUAQRMWS6BBKYSZG3YS/ |
| [email protected] | https://lists.fedoraproject.org/archives/list/[email protected]/message/SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7/ |
| [email protected] | http://www.openwall.com/lists/oss-security/2024/03/20/4 |
| AF854A3A-2127-422B-91AE-364DA2661108 | http://www.openwall.com/lists/oss-security/2024/03/20/4 |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37 |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://lists.fedoraproject.org/archives/list/[email protected]/message/SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7/ |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://lists.fedoraproject.org/archives/list/[email protected]/message/YD4AFTIIQW662LUAQRMWS6BBKYSZG3YS/ |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://security.netapp.com/advisory/ntap-20241213-0001/ |

CWE Details

| CWE ID | CWE Name | Description |
| --- | --- | --- |
| CWE-787 | Out-of-bounds Write | The software writes data past the end, or before the beginning, of the intended buffer. |
