CVE-2023-40711

HIGH EXPLOITED IN THE WILD

Veilid < 0.1.9 - Denial of Service via Uncompressed Data Size Mismatch

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2023-40711 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).

Description

Veilid before 0.1.9 does not check the size of uncompressed data during decompression upon an envelope receipt, which allows remote attackers to cause a denial of service (out-of-memory abort) via crafted packet data, as exploited in the wild in August 2023.

References (1)

Core 1

Scores

CVSS v3 7.5
EPSS 0.0074
EPSS Percentile 50.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

VulnCheck KEV 2023-08-19
InTheWild.io 2023-08-20
CWE
CWE-787
Status published
Products (1)
veilid/veilid < 0.1.9
Published Aug 20, 2023
Tracked Since Feb 18, 2026