CVE-2024-22871

An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the clojure.core$partial$fn__5920 function.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://hackmd.io/%40fe1w0/rymmJGida	Exploit
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25FKUOYXQZGGJMFUM5HJABWMIX2TILRV/	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWWK2SO2MH4SXPO6L444MM6LHVLVFULV/	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YFPGUDXMW6OXKIDGCOZFEAXO74VQIB2T/	Third Party Advisory
https://hackmd.io/%40fe1w0/rymmJGida	Exploit
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25FKUOYXQZGGJMFUM5HJABWMIX2TILRV/	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWWK2SO2MH4SXPO6L444MM6LHVLVFULV/	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YFPGUDXMW6OXKIDGCOZFEAXO74VQIB2T/	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:clojure:clojure::::::::
	cpe:2.3:a:clojure:clojure:1.12.0:alpha1::::::
	cpe:2.3:a:clojure:clojure:1.12.0:alpha2::::::
	cpe:2.3:a:clojure:clojure:1.12.0:alpha3::::::
	cpe:2.3:a:clojure:clojure:1.12.0:alpha4::::::
	cpe:2.3:a:clojure:clojure:1.12.0:alpha5::::::
	cpe:2.3:a:clojure:clojure:1.12.0:alpha6::::::
	cpe:2.3:a:clojure:clojure:1.12.0:alpha7::::::
	cpe:2.3:a:clojure:clojure:1.12.0:alpha8::::::

Configuration 2 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:38:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*
	cpe:2.3:o:fedoraproject:fedora:40:::::::*

History

28 May 2025, 19:56

Type	Values Removed	Values Added
CPE		cpe:2.3:o:fedoraproject:fedora:38:::::::* cpe:2.3:a:clojure:clojure:1.12.0:alpha1:::::: cpe:2.3:a:clojure:clojure:1.12.0:alpha3:::::: cpe:2.3:o:fedoraproject:fedora:39:::::::* cpe:2.3:a:clojure:clojure:1.12.0:alpha8:::::: cpe:2.3:a:clojure:clojure:1.12.0:alpha4:::::: cpe:2.3:a:clojure:clojure:1.12.0:alpha2:::::: cpe:2.3:a:clojure:clojure:::::::: cpe:2.3:o:fedoraproject:fedora:40:::::::* cpe:2.3:a:clojure:clojure:1.12.0:alpha5:::::: cpe:2.3:a:clojure:clojure:1.12.0:alpha7:::::: cpe:2.3:a:clojure:clojure:1.12.0:alpha6::::::
References	~~() https://hackmd.io/%40fe1w0/rymmJGida -~~	() https://hackmd.io/%40fe1w0/rymmJGida - Exploit
References	~~() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25FKUOYXQZGGJMFUM5HJABWMIX2TILRV/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25FKUOYXQZGGJMFUM5HJABWMIX2TILRV/ - Third Party Advisory
References	~~() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWWK2SO2MH4SXPO6L444MM6LHVLVFULV/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWWK2SO2MH4SXPO6L444MM6LHVLVFULV/ - Third Party Advisory
References	~~() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YFPGUDXMW6OXKIDGCOZFEAXO74VQIB2T/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YFPGUDXMW6OXKIDGCOZFEAXO74VQIB2T/ - Third Party Advisory
First Time		Fedoraproject fedora Fedoraproject Clojure clojure Clojure

21 Nov 2024, 08:56

Type	Values Removed	Values Added
References	~~() https://hackmd.io/%40fe1w0/rymmJGida -~~	() https://hackmd.io/%40fe1w0/rymmJGida -
References	~~() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25FKUOYXQZGGJMFUM5HJABWMIX2TILRV/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25FKUOYXQZGGJMFUM5HJABWMIX2TILRV/ -
References	~~() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWWK2SO2MH4SXPO6L444MM6LHVLVFULV/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWWK2SO2MH4SXPO6L444MM6LHVLVFULV/ -
References	~~() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YFPGUDXMW6OXKIDGCOZFEAXO74VQIB2T/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YFPGUDXMW6OXKIDGCOZFEAXO74VQIB2T/ -

13 Aug 2024, 19:35

Type	Values Removed	Values Added
CWE		CWE-502
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5

24 Mar 2024, 03:15

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25FKUOYXQZGGJMFUM5HJABWMIX2TILRV/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YFPGUDXMW6OXKIDGCOZFEAXO74VQIB2T/ -

23 Mar 2024, 03:15

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWWK2SO2MH4SXPO6L444MM6LHVLVFULV/ -
Summary		(es) Un problema en las versiones 1.20 a 1.12.0-alpha5 de Clojure permite que un atacante provoque una denegación de servicio (DoS) a través de la función clojure.core$partial$fn__5920.

29 Feb 2024, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-29 02:15

Updated : 2025-05-28 19:56

NVD link : CVE-2024-22871

Mitre link : CVE-2024-22871

CVE.ORG link : CVE-2024-22871

JSON object : View

Products Affected

clojure

clojure

fedoraproject

fedora

CWE

CWE-502

Deserialization of Untrusted Data

7.5 /10