CVE-2024-2365 Common Vulnerabilities and Exposures

Upstream information

CVE-2024-2365 at MITRE

Description

A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Affected by this vulnerability is an unknown functionality of the file io\fabric\sdk\android\services\network\PinningTrustManager.java of the component SHA-1 Handler. The manipulation leads to password hash with insufficient computational effort. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-256321 was assigned to this vulnerability.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having not set severity.

No SUSE Bugzilla entries cross referenced.

No SUSE Security Announcements cross referenced.

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE Tumbleweed	`docker-stable >= 24.0.9_ce-6.1` `docker-stable-bash-completion >= 24.0.9_ce-6.1` `docker-stable-buildx >= 0.19.3-6.1` `docker-stable-fish-completion >= 24.0.9_ce-6.1` `docker-stable-rootless-extras >= 24.0.9_ce-6.1` `docker-stable-zsh-completion >= 24.0.9_ce-6.1`	Patchnames: openSUSE-Tumbleweed-2024-14598

SUSE Timeline for this CVE

CVE page created: Mon Mar 11 03:00:14 2024
CVE page last modified: Thu Dec 19 00:52:42 2024