CVE-2024-23084

HIGH

Apfloat 1.10.1 - Array Index Out of Bounds Write in DoubleCRTMath

Title source: llm

Description

Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoundsException via the component org.apfloat.internal.DoubleCRTMath::add(double[], double[]). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.

References (3)

Core 3

Core References

Product

http://apfloat.com

Third Party Advisory

https://gist.github.com/LLM4IG/5b7dd0a87db14d9c95d4c0ea62e0195b

Product

https://github.com/mtommila/apfloat

View Writeup ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0076

EPSS Percentile 50.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-129

Status published

Products (1)

mikkotommila/apfloat 1.10.1

Published Apr 08, 2024

Tracked Since Feb 18, 2026