Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-24294
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
ReDoS in Apache MXNet RTC Module
Source: NVD (National Vulnerability Database)
Vulnerability Description
A regular expression used in Apache MXNet (incubating) is vulnerable to a potential denial-of-service by excessive resource consumption. The bug could be exploited when loading a model in Apache MXNet that has a specially crafted operator name that would cause the regular expression evaluation to use excessive resources to attempt a match. This issue affects Apache MXNet versions prior to 1.9.1.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache MXNet 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache MXNet是美国阿帕奇(Apache)基金会的一个开源深度学习软件框架。用于训练及部署深度神经网络。 Apache MXNet (incubating) 1.9.1 之前版本存在安全漏洞,该漏洞源于使用的正则表达式容易因过度消耗资源而受到潜在的拒绝服务攻击,当在Apache MXNet中加载具有特制运算符名称的模型时,该错误可能会被利用,这会导致正则表达式评估使用过多的资源来尝试匹配。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
Apache Software FoundationApache MXNet unspecified ~ 1.9.1 -
II. Public POCs for CVE-2022-24294
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2022-24294
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: Apache MXNet
Same vendor: Apache Software Foundation
Same weakness: CWE-400
V. Comments for CVE-2022-24294

No comments yet

Leave a comment