CVE-2024-23084

7.5 HIGH

📋 TL;DR

CVE-2024-23084 is a disputed vulnerability in Apfloat v1.10.1, a Java library for arbitrary-precision arithmetic. The method org.apfloat.internal.DoubleCRTMath::add raises an ArrayIndexOutOfBoundsException when it is handed arrays shorter than it expects. If an application lets attacker-controlled input reach that internal method, the uncaught exception terminates the calling thread or request, i.e. a denial of service; no memory-safety impact is involved, since the JVM's bounds check is what raises the exception. Third parties dispute the entry, questioning the evidence and methodology behind it.

💻 Affected Systems

Products:
  • Apfloat
Versions: v1.10.1
Operating Systems: All platforms running Java
Default Config Vulnerable: ⚠️ Yes (library code; no configuration setting affects it)
Notes: The affected method lives in the org.apfloat.internal package, an implementation detail rather than the public Apfloat/Apint API. An application is exposed only if its own code (or a dependency) calls DoubleCRTMath::add directly with arrays shorter than the method expects. The entry is disputed by multiple third parties.

📦 What is this software?

Apfloat is a Java library for high-performance arbitrary-precision arithmetic (integers, floating-point, rational and complex numbers), published under the org.apfloat package and usually pulled in as the Maven artifact org.apfloat:apfloat. DoubleCRTMath is one of its internal helper classes (Chinese remainder theorem arithmetic for the double-based implementation); applications normally work with the public Apfloat, Apint and related classes and never call it directly.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An uncaught ArrayIndexOutOfBoundsException terminates the thread or request that triggered it. A service that passes attacker-controlled arrays to the method can therefore be crashed or degraded repeatedly: denial of service, with no code execution or data exposure.

🟠

Likely Case

Sporadic failures or crashes in the specific computation that reaches the method with malformed arrays. Whether this is reachable with untrusted input in real deployments is exactly what the dispute is about.

🟢

If Mitigated

Minimal. Array sizes are validated before the call, and the exception, if it still occurs, is caught and turned into an ordinary error response.

🌐 Internet-Facing: LOW
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: ✅ No
Unauthenticated Exploit: ✅ No
Complexity: HIGH

No public exploit is known. The entry is disputed, and triggering the exception requires application code that hands arrays of the wrong size to an internal Apfloat class.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No (library-level change; redeploy the application after any code or dependency update)

Instructions:

No vendor advisory or patch specific to this issue is known, and the entry itself is disputed. Because the affected class is internal, the practical fix is in the calling application: stay on the public Apfloat API, do not pass untrusted or unchecked arrays to org.apfloat.internal classes, and validate inputs at the boundary. Check the Apfloat release notes before upgrading; do not assume a newer version changes this behaviour.

🔧 Temporary Workarounds

Input validation wrapper

Applies to: all platforms

Validate operand arrays before calling DoubleCRTMath::add: reject null arrays and arrays shorter than the method indexes, so an out-of-bounds read cannot occur. Better still, route the computation through the public Apfloat API instead of the internal class.

Error handling enhancement

Applies to: all platforms

Wrap any remaining direct calls to the affected method in a try/catch for ArrayIndexOutOfBoundsException and convert it into a controlled error (for example an invalid-input response) instead of letting it propagate and kill the thread or request.
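The following is an added example, not code from the Apfloat project or from this advisory, combining both workarounds in one guard: it validates the operand arrays before delegating to DoubleCRTMath::add and converts any ArrayIndexOutOfBoundsException that still escapes into a checked exception. It assumes the apfloat 1.10.1 signatures DoubleCRTMath(int radix) and double add(double[] src1, double[] src2, double[] dst), that the method operates on three-element arrays, and that the internal package is reachable from the classpath. GuardedCrtAdd, InvalidOperandException and the operand values in main() are hypothetical; verify the signatures and word count against the apfloat version you ship.

```java
// Added example (not Apfloat project code): a guard around the internal CRT add.
// Assumptions, to be checked against the apfloat version in use:
//   - org.apfloat.internal.DoubleCRTMath has a constructor DoubleCRTMath(int radix)
//     and a method double add(double[] src1, double[] src2, double[] dst)
//   - the method operates on three-word numbers, i.e. it indexes positions 0..2
//   - the internal package is reachable (classpath deployment, not a closed module)
// GuardedCrtAdd and InvalidOperandException are hypothetical names.
import java.util.Arrays;
import org.apfloat.internal.DoubleCRTMath;

public final class GuardedCrtAdd {
    private static final int WORDS = 3; // assumed word count of a CRT number
    private final DoubleCRTMath math;

    public GuardedCrtAdd(int radix) {
        if (radix < Character.MIN_RADIX || radix > Character.MAX_RADIX) {
            throw new IllegalArgumentException("unsupported radix " + radix);
        }
        this.math = new DoubleCRTMath(radix);
    }

    /** Checked exception: callers map it to an error response instead of a crash. */
    public static final class InvalidOperandException extends Exception {
        InvalidOperandException(String message) { super(message); }
        InvalidOperandException(String message, Throwable cause) { super(message, cause); }
    }

    // Rejects nulls and wrong sizes before any array index is touched.
    private static void requireSize(String name, double[] words) throws InvalidOperandException {
        if (words == null) {
            throw new InvalidOperandException(name + " is null");
        }
        if (words.length != WORDS) {
            throw new InvalidOperandException(name + " must have exactly " + WORDS
                + " elements, got " + words.length);
        }
    }

    // Source operands must also hold finite values. Value-range rules (e.g. word < base)
    // depend on radix and apfloat version; add them here if your application knows them.
    private static void requireWords(String name, double[] words) throws InvalidOperandException {
        requireSize(name, words);
        for (int i = 0; i < words.length; i++) {
            if (Double.isNaN(words[i]) || Double.isInfinite(words[i])) {
                throw new InvalidOperandException(name + "[" + i + "] is not a finite value");
            }
        }
    }

    /** Validates all three operands, then delegates. Returns the carry apfloat reports. */
    public double add(double[] src1, double[] src2, double[] dst) throws InvalidOperandException {
        requireWords("src1", src1);
        requireWords("src2", src2);
        requireSize("dst", dst); // dst is output only; contents are overwritten
        try {
            return math.add(src1, src2, dst);
        } catch (ArrayIndexOutOfBoundsException e) {
            // Second line of defence: if the size assumption is wrong for this apfloat
            // version, surface a controlled error rather than an uncaught runtime exception.
            throw new InvalidOperandException("apfloat rejected the operands", e);
        }
    }

    public static void main(String[] args) {
        GuardedCrtAdd guarded = new GuardedCrtAdd(10);
        double[] a = {1, 2, 3};          // constructed well-formed operands
        double[] b = {4, 5, 6};
        double[] dst = new double[WORDS];
        double[] tooShort = {1, 2};      // constructed malformed operand

        try {
            double carry = guarded.add(a, b, dst);
            System.out.println("accepted: carry=" + carry + " dst=" + Arrays.toString(dst));
        } catch (InvalidOperandException e) {
            System.out.println("unexpected rejection: " + e.getMessage());
        }

        try {
            guarded.add(tooShort, b, dst);
            System.out.println("BUG: malformed operand accepted");
        } catch (InvalidOperandException e) {
            System.out.println("rejected before reaching apfloat: " + e.getMessage());
        }
    }
}
```

The size check is the real mitigation; the try/catch only exists so that a wrong assumption about the word count degrades into a reported error rather than a crashed thread. If the computation can be expressed with the public Apfloat or Apint classes, prefer that over wrapping the internal class at all.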

🧯 If You Can't Patch

  • Monitor application logs for java.lang.ArrayIndexOutOfBoundsException stack traces containing the frame org.apfloat.internal.DoubleCRTMath.add.
  • Restrict the functionality that reaches DoubleCRTMath::add to trusted, authenticated users, and rate-limit it so repeated crashes cannot be used to exhaust the service.

🔍 How to Verify

Check if Vulnerable:

Confirm that the application or one of its dependencies actually references org.apfloat.internal.DoubleCRTMath. Search the source tree for the class name and, for third-party jars, inspect their bytecode (for example with javap or a decompiler). If nothing references the internal class, the code path is not reachable and the entry does not apply in practice.

Check Version:

Check the project's dependency declarations (pom.xml for Maven, build.gradle or build.gradle.kts for Gradle) for the artifact org.apfloat:apfloat at version 1.10.1. Transitive inclusion counts, so check the resolved dependency tree (for example the output of mvn dependency:tree or gradle dependencies), not only the direct declarations.

Verify Fix Applied:

Re-run the inputs that previously produced the exception and confirm they are rejected by validation or handled without an uncaught exception. Keep the shortest malformed case (one element fewer than the method expects) in the regression suite.

📡 Detection & Monitoring

Log Indicators:

  • java.lang.ArrayIndexOutOfBoundsException with a stack frame at org.apfloat.internal.DoubleCRTMath.add

SIEM Query:

source="application_logs" AND "ArrayIndexOutOfBoundsException" AND "DoubleCRTMath.add"

(Generic search syntax; adapt field names and quoting to your SIEM. Match on the fully qualified frame org.apfloat.internal.DoubleCRTMath.add where possible, since a bare substring search also fires on unrelated exceptions that merely mention the class in a message.)
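Where the SIEM query above is too coarse, a stack-trace-aware matcher reports only exceptions whose own trace contains the Apfloat frame. The class below is an added example written for this page, not part of the advisory or the Apfloat project; the log lines in main() are constructed, the frame and exception formats are the standard JVM ones, and ApfloatAioobeDetector and Hit are hypothetical names. It requires Java 16 or later for the record type.

```java
// Added example (not from the advisory or the Apfloat project): a stack-trace-aware
// matcher for the log indicator above. A flat substring search fires on any
// ArrayIndexOutOfBoundsException that happens to share a line with the class name;
// this version reports an exception only when its own stack trace contains the
// org.apfloat.internal.DoubleCRTMath.add frame. Requires Java 16+ (records).
// The log lines in main() are constructed for the demo.
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public final class ApfloatAioobeDetector {
    private static final Pattern EXCEPTION =
        Pattern.compile("\\bjava\\.lang\\.ArrayIndexOutOfBoundsException\\b");
    // Standard JVM frame line: "\tat fully.qualified.Class.method(File.java:NN)"
    private static final Pattern FRAME = Pattern.compile("^\\s*at\\s+(\\S+)\\(");
    private static final String TARGET_FRAME = "org.apfloat.internal.DoubleCRTMath.add";

    /** One detection: line number and text of the exception line, plus the matched frame. */
    public record Hit(int lineNo, String exceptionLine, String frame) {}

    public static List<Hit> scan(List<String> lines) {
        List<Hit> hits = new ArrayList<>();
        String currentException = null; // exception line of the trace being read, if any
        int currentLineNo = -1;
        for (int i = 0; i < lines.size(); i++) {
            String line = lines.get(i);
            Matcher frame = FRAME.matcher(line);
            if (frame.find()) {
                // Still inside a trace: is this the frame we care about?
                if (currentException != null && frame.group(1).equals(TARGET_FRAME)) {
                    hits.add(new Hit(currentLineNo, currentException, frame.group(1)));
                    currentException = null; // report each trace once
                }
                continue;
            }
            // Any non-frame line starts a new trace (or none). "Caused by:" lines qualify too.
            currentException = EXCEPTION.matcher(line).find() ? line : null;
            currentLineNo = i + 1;
        }
        return hits;
    }

    public static void main(String[] args) {
        // Constructed sample: one Apfloat trace, one unrelated AIOOBE, one message-only mention.
        List<String> sample = List.of(
            "2024-05-01T10:00:00Z ERROR [worker-1] Unhandled exception in request 42",
            "java.lang.ArrayIndexOutOfBoundsException: Index 2 out of bounds for length 2",
            "\tat org.apfloat.internal.DoubleCRTMath.add(DoubleCRTMath.java)",
            "\tat com.example.calc.Service.compute(Service.java:31)",
            "2024-05-01T10:00:01Z INFO  [worker-1] request 43 ok",
            "java.lang.ArrayIndexOutOfBoundsException: Index 5 out of bounds for length 5",
            "\tat com.example.other.Parser.parse(Parser.java:10)",
            "2024-05-01T10:00:02Z ERROR [worker-2] DoubleCRTMath.add mentioned in a message, no trace"
        );
        List<Hit> hits = scan(sample);
        System.out.println(hits.size() + " Apfloat AIOOBE trace(s) found");
        for (Hit h : hits) {
            System.out.println("line " + h.lineNo() + ": " + h.exceptionLine()
                + "  [" + h.frame() + "]");
        }
    }
}
```

On the constructed sample only the first trace is reported: the second AIOOBE has no Apfloat frame and the last line mentions the method in free text without a trace. Feed the scanner the raw log file (one entry per line, frames on their own lines) rather than a pre-collapsed SIEM export, or the frame lines will have been merged away.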

