CVE-2023-29487

CRITICAL

Heimdalsecurity Thor < 3.5.3 - Denial of Service

Title source: rule

Description

An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service (DoS) via the Threat To Process Correlation threat prevention module. NOTE: Heimdal asserts this is not a valid vulnerability. Their DNS Security for Endpoint solution includes an optional feature to provide extra information on the originating process that made a DNS request. The lack of process identification in DNS logs is therefore falsely categorized as a DoS issue.

References (1)

[Exploit, Third Party Advisory] https://medium.com/%40drabek.a/weaknesses-in-heimdal-thors-line-of-products-9d0e5095fb93

Scores

CVSS v3 9.1

EPSS 0.0007

EPSS Percentile 21.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-1333

Status published

Products (1)

heimdalsecurity/thor < 3.5.3

Published Dec 21, 2023

Tracked Since Feb 18, 2026