Description
An issue in taurusxin ncmdump v1.3.2 allows attackers to cause a Denial of Service (DoS) via memory exhaustion by supplying a crafted .ncm file
References (6)
Core 6
Core References
Various Sources
https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_mmExhausted/dos_mmExhausted.assets/image-20240505161831080.png
Various Sources
https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_mmExhausted/dos_mmExhausted.md
Various Sources
https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_mmExhausted/poc/I7K9QM~F
Issue Tracking
https://github.com/taurusxin/ncmdump/issues/19
Scores
CVSS v3
7.5
EPSS
0.0039
EPSS Percentile
60.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-400
Status
published
Published
May 20, 2024
Tracked Since
Feb 18, 2026