Resource exhaustion in Speaker
CVE-2024-21526
All versions of the package speaker are vulnerable to Denial of Service (DoS): providing unexpected input types to the channels property of the Speaker object makes it possible to reach an assert macro. Exploiting this vulnerability ca…
Vulnerability class: DoS (Denial of Service)
EPSS: 0.006 (42.9th percentile)
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.
Affected products
- N/a Speaker — versions 0
Frequently asked questions
- What is CVE-2024-21526?
- CVE-2024-21526 is a high-severity vulnerability in Speaker, classified under Uncontrolled Resource Consumption. CVSS score: 7.5/10. Published 2024-07-10.
- How severe is CVE-2024-21526?
- High severity. CVSS v3 base score is 7.5 out of 10.
- Is CVE-2024-21526 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.