CVE-2023-40711
HIGH, EXPLOITED IN THE WILD
Veilid < 0.1.9 - Denial of Service via Uncompressed Data Size Mismatch
Title source: llm
Exploitation Summary
CVE-2023-40711 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).
Description
Veilid before 0.1.9 does not check the size of uncompressed data during decompression upon an envelope receipt, which allows remote attackers to cause a denial of service (out-of-memory abort) via crafted packet data, as exploited in the wild in August 2023.
Scores
CVSS v3: 7.5
EPSS: 0.0074
EPSS Percentile: 50.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: yes
Technical Impact: partial
Details
VulnCheck KEV: 2023-08-19
InTheWild.io: 2023-08-20
CWE: CWE-787
Status: published
Products (1)
veilid/veilid: < 0.1.9
Published: Aug 20, 2023
Tracked Since: Feb 18, 2026