CVE Catalog

CVE-2024-23081

LowCVSS 3.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

A NullPointerException was discovered in ThreeTen Backport v1.6.8 in the org.threeten.bp.LocalDate::compareTo(ChronoLocalDate) component. However, multiple third parties dispute the validity of this finding, suggesting it may be based on an insufficiently robust vulnerability identification tool.

Risk Assessment

If genuine, this vulnerability could cause application crashes (DoS) when processing dates. However, due to the disputed nature of the report, the actual risk is uncertain.

Recommendation

Monitor official updates for the ThreeTen Backport library and consider implementing temporary mitigations such as input validation before using the compareTo method.

Original NVD description (English source)

ThreeTen Backport v1.6.8 was discovered to contain a NullPointerException via the component org.threeten.bp.LocalDate::compareTo(ChronoLocalDate). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS