Vulnerability Information
Vulnerability Title
Yeti affected by a Potential Denial of Service due to the One Million Unicode characters attack
Vulnerability Description
Yeti bridges the gap between CTI and DFIR practitioners by providing a Forensics Intelligence platform and pipeline. Remote user-controlled data tags can reach a Unicode normalization step that uses the compatibility form NFKD. Under Windows, this normalization is costly in resources and may lead to denial of service with attacks such as the One Million Unicode payload. The impact gets worse with special Unicode characters such as U+2100 (℀) or U+2105 (℅), which can triple the payload size. Versions prior to 2.1.11 are affected by this vulnerability. The patch is included in 2.1.11.
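The expansion described above and one way to bound it, as an added example that is not Yeti's code or its 2.1.11 patch: the tag is length-checked before and after NFKD normalization. The function names and the 250-character cap are assumptions made for this illustration, and the sample tags are constructed.

```python
import unicodedata
from typing import Iterable, List, Optional, Tuple

MAX_TAG_CHARS = 250  # assumed cap for this example; not a value taken from Yeti


def nfkd_growth(text: str) -> float:
    """Ratio of NFKD output length to input length (1.0 means no growth)."""
    if not text:
        return 1.0
    return len(unicodedata.normalize("NFKD", text)) / len(text)


def normalize_tag(raw: object, max_chars: int = MAX_TAG_CHARS) -> Optional[str]:
    """Return the NFKD form of a tag, or None if the tag is rejected.

    The first length check runs BEFORE normalization, so an oversized
    payload never reaches the costly call. The second check catches short
    inputs that grow past the cap through compatibility decomposition.
    """
    if not isinstance(raw, str) or len(raw) > max_chars:
        return None
    normalized = unicodedata.normalize("NFKD", raw)
    if len(normalized) > max_chars:
        return None
    return normalized


def filter_tags(tags: Iterable[object],
                max_chars: int = MAX_TAG_CHARS) -> Tuple[List[str], int]:
    """Normalize a batch of tags; return (accepted tags, rejected count)."""
    accepted: List[str] = []
    rejected = 0
    for tag in tags:
        result = normalize_tag(tag, max_chars)
        if result is None:
            rejected += 1
        else:
            accepted.append(result)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed inputs: an ordinary tag, a one-million-character payload,
    # and a 100-character tag that would expand to 300 characters.
    sample = ["phishing", "\u2100" * 1_000_000, "\u2105" * 100]
    print(nfkd_growth("\u2100"), filter_tags(sample))
```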
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
Allocation of Resources Without Limits or Throttling
Vulnerability Title
Yeti Platform Security Vulnerability
Vulnerability Description
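Yeti Platform is an open-source everyday threat intelligence platform from Yeti Platform. Versions of Yeti Platform prior to 2.1.11 contain a security vulnerability. It stems from remote user-controlled data tags being able to reach Unicode normalization with the compatibility form NFKD, which leads to a denial-of-service attack.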
CVSS Information
N/A
Vulnerability Type
N/A