
Rewterz Threat Advisory – CVE-2023-52079 – Node.js msgpackr Vulnerability

Severity

Medium

Analysis Summary

CVE-2023-52079

The Node.js msgpackr module is vulnerable to a denial of service caused by an infinite recursion flaw during the conversion of property names to strings. By sending specially crafted MessagePack messages, a remote attacker could exploit this vulnerability to keep the decoder stuck in a loop, resulting in a denial of service condition.

Impact

  • Denial of Service

Indicators Of Compromise

CVE

  • CVE-2023-52079

Affected Vendors

Node.js

Affected Products

  • Node.js msgpackr 1.10.0

Remediation

Upgrade to the latest version of msgpackr, available from the msgpackr Git repository.

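msgpackr is often pulled in as a transitive dependency, so the version listed under Affected Products may be installed without appearing in `package.json`. The following added example (not from the advisory or the msgpackr project) finds every msgpackr install in a parsed `package-lock.json` and flags those pinned to 1.10.0; the function names, the sample lockfile and the package names `demo-app` and `queue-lib` are assumptions made for illustration.

```javascript
// Added example, not from the advisory or the msgpackr project.
// AFFECTED is taken from the advisory's "Affected Products" entry.
const AFFECTED = { name: 'msgpackr', version: '1.10.0' };

// Return every install of `name` in a parsed package-lock.json, including
// transitive copies nested under other packages.
function findInstalls(lock, name = AFFECTED.name) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    const suffix = 'node_modules/' + name;
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === suffix || path.endsWith('/' + suffix)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = trail + 'node_modules/' + dep;
      if (dep === name) hits.push({ path, version: meta.version });
      walk(meta.dependencies, path + '/');
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Installs pinned to the exact version the advisory lists as affected.
function affectedInstalls(lock) {
  return findInstalls(lock).filter((h) => h.version === AFFECTED.version);
}

// Constructed sample lockfile; "demo-app" and "queue-lib" are made-up names.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/msgpackr': { version: '1.10.0' },
    'node_modules/msgpackr-extract': { version: '3.0.2' },
    'node_modules/queue-lib/node_modules/msgpackr': { version: '1.9.9' },
  },
};

console.log(affectedInstalls(sampleLock));
```

To scan a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `affectedInstalls` in place of `sampleLock`.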