CVE-2024-0581: Uncontrolled Resource Consumption vulnerability in Sandsprite scdbg

4.0 CVSS

Description

An Uncontrolled Resource Consumption vulnerability has been found in Sandsprite Scdbg.exe, affecting version 1.0. It allows an attacker to send a specially crafted shellcode payload to the '/foff' parameter and cause an application shutdown. A malware program could use this shellcode sequence to shut down the application and evade the scan.

Classification

CVE ID: CVE-2024-0581

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.0

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Problem Types

CWE-400 Uncontrolled Resource Consumption

Affected Products

Vendor: Sandsprite

Product: Scdbg

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.06% (probability of being exploited)

EPSS Percentile: 18.51% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-08 (when this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-0581
https://www.incibe.es/en/incibe-cert/notices/aviso/uncontrolled-resource-consumption-vulnerability-sandsprite-scdbg

Timeline