CVE-2024-0081 - Vulnerability Details - OpenCVE

NVIDIA NeMo framework for Ubuntu contains a vulnerability in tools/asr_webapp where an attacker may cause an allocation of resources without limits or throttling. A successful exploit of this vulnerability may lead to a server-side denial of service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nvidia	Nemo

Configuration 1 [-]

cpe:2.3:a:nvidia:nemo:1.22.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/NVIDIA/NeMo/security/advisories/GHSA-x392-p65g-4rxx

History

Fri, 10 Oct 2025 18:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:nvidia:nemo:1.22.0:::::::*

MITRE

Status: PUBLISHED

Assigner: nvidia

Published: 2024-04-05T18:13:24.392Z

Updated: 2024-08-01T17:41:15.959Z

Reserved: 2023-12-02T00:41:52.390Z

Link: CVE-2024-0081

Vulnrichment

Updated: 2024-08-01T17:41:15.959Z

NVD

Status : Analyzed

Published: 2024-04-05T19:15:07.033

Modified: 2025-10-10T17:47:35.173

Link: CVE-2024-0081

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0081", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "state": "PUBLISHED", "assignerShortName": "nvidia", "dateReserved": "2023-12-02T00:41:52.390Z", "datePublished": "2024-04-05T18:13:24.392Z", "dateUpdated": "2024-08-01T17:41:15.959Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "NeMo", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "NVIDIA Neural Modules 1.22.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">NVIDIA NeMo framework for Ubuntu contains a vulnerability in tools/asr_webapp where an attacker may cause an allocation of resources without limits or throttling. A successful exploit of this vulnerability may lead to a server-side denial of service.</span>\n\n"}], "value": "\nNVIDIA NeMo framework for Ubuntu contains a vulnerability in tools/asr_webapp where an attacker may cause an allocation of resources without limits or throttling. A successful exploit of this vulnerability may lead to a server-side denial of service.\n\n"}], "impacts": [{"descriptions": [{"lang": "en", "value": "Denial of Service"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2024-04-05T18:13:24.392Z"}, "references": [{"url": "https://github.com/NVIDIA/NeMo/security/advisories/GHSA-x392-p65g-4rxx"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "nvidia", "product": "nemo", "cpes": ["cpe:2.3:a:nvidia:nemo:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.22.0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-04-08T13:16:29.401399Z", "id": "CVE-2024-0081", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-07T15:31:40.706Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T17:41:15.959Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/NVIDIA/NeMo/security/advisories/GHSA-x392-p65g-4rxx", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/NVIDIA/NeMo/security/advisories/GHSA-x392-p65g-4rxx", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T17:41:15.959Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0081", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-08T13:16:29.401399Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:nvidia:nemo:*:*:*:*:*:*:*:*"], "vendor": "nvidia", "product": "nemo", "versions": [{"status": "affected", "version": "1.22.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-07T15:31:37.526Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Denial of Service"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NVIDIA", "product": "NeMo", "versions": [{"status": "affected", "version": "NVIDIA Neural Modules 1.22.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/NVIDIA/NeMo/security/advisories/GHSA-x392-p65g-4rxx"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nNVIDIA NeMo framework for Ubuntu contains a vulnerability in tools/asr_webapp where an attacker may cause an allocation of resources without limits or throttling. A successful exploit of this vulnerability may lead to a server-side denial of service.\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">NVIDIA NeMo framework for Ubuntu contains a vulnerability in tools/asr_webapp where an attacker may cause an allocation of resources without limits or throttling. A successful exploit of this vulnerability may lead to a server-side denial of service.</span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2024-04-05T18:13:24.392Z"}}}, "cveMetadata": {"cveId": "CVE-2024-0081", "state": "PUBLISHED", "dateUpdated": "2024-08-01T17:41:15.959Z", "dateReserved": "2023-12-02T00:41:52.390Z", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "datePublished": "2024-04-05T18:13:24.392Z", "assignerShortName": "nvidia"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:nemo:1.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "72F34B80-0001-47B2-BA18-8DBFA961C709", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nNVIDIA NeMo framework for Ubuntu contains a vulnerability in tools/asr_webapp where an attacker may cause an allocation of resources without limits or throttling. A successful exploit of this vulnerability may lead to a server-side denial of service.\n\n"}, {"lang": "es", "value": "El framework NVIDIA NeMo para Ubuntu contiene una vulnerabilidad en tools/asr_webapp donde un atacante puede provocar una asignaci\u00f3n de recursos sin l\u00edmites ni estrangulaciones. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar una denegaci\u00f3n de servicio del lado del servidor."}], "id": "CVE-2024-0081", "lastModified": "2025-10-10T17:47:35.173", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "psirt@nvidia.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-05T19:15:07.033", "references": [{"source": "psirt@nvidia.com", "tags": ["Third Party Advisory"], "url": "https://github.com/NVIDIA/NeMo/security/advisories/GHSA-x392-p65g-4rxx"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/NVIDIA/NeMo/security/advisories/GHSA-x392-p65g-4rxx"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "psirt@nvidia.com", "type": "Secondary"}]}