{
  "resultsPerPage": 1,
  "startIndex": 0,
  "totalResults": 1,
  "format": "NVD_CVE",
  "version": "2.0",
  "timestamp": "2026-06-20T04:38:25.845",
  "vulnerabilities": [
    {
      "cve": {
        "id": "CVE-2026-24738",
        "sourceIdentifier": "security-advisories@github.com",
        "published": "2026-01-27T21:16:03.117",
        "lastModified": "2026-06-17T10:23:30.700",
        "vulnStatus": "Analyzed",
        "cveTags": [],
        "descriptions": [
          {
            "lang": "en",
            "value": "gmrtd is a Go library for reading Machine Readable Travel Documents (MRTDs). Prior to version 0.17.2, ReadFile accepts TLVs with lengths that can range up to 4GB, which can cause unconstrained resource consumption in both memory and CPU cycles. ReadFile can consume an extended TLV with lengths well outside what would be available in ICs. It can accept something all the way up to 4GB which would take too many iterations in 256 byte chunks, and would also try to allocate memory that might not be available in constrained environments like phones. Or if an API sends data to ReadFile, the same problem applies. The very small chunked read also locks the goroutine in accepting data for a very large number of iterations. Projects using the gmrtd library to read files from NFCs can experience extreme slowdowns or memory consumption. A malicious NFC can just behave like the mock transceiver described above and by just sending dummy bytes as each chunk to be read, can make the receiving thread unresponsive and fill up memory on the host system. Version 0.17.2 patches the issue."
          },
          {
            "lang": "es",
            "value": "gmrtd es una librería Go para leer Documentos de Viaje de Lectura Mecánica (MRTDs). Antes de la versión 0.17.2, ReadFile acepta TLVs con longitudes que pueden oscilar hasta 4GB, lo que puede causar un consumo de recursos sin restricciones tanto en memoria como en ciclos de CPU. ReadFile puede consumir un TLV extendido con longitudes muy superiores a lo que estaría disponible en los ICs. Puede aceptar algo de hasta 4GB, lo que requeriría demasiadas iteraciones en bloques de 256 bytes, y también intentaría asignar memoria que podría no estar disponible en entornos restringidos como los teléfonos. O si una API envía datos a ReadFile, el mismo problema se aplica. La lectura en bloques muy pequeños también bloquea la goroutine al aceptar datos durante un número muy grande de iteraciones. Los proyectos que utilizan la librería gmrtd para leer archivos de NFCs pueden experimentar ralentizaciones extremas o consumo de memoria. Un NFC malicioso puede simplemente comportarse como el transceptor simulado descrito anteriormente y, simplemente enviando bytes ficticios como cada bloque a leer, puede hacer que el hilo receptor no responda y llenar la memoria del sistema anfitrión. La versión 0.17.2 corrige el problema."
          }
        ],
        "affected": [
          {
            "source": "security-advisories@github.com",
            "affectedData": [
              {
                "vendor": "gmrtd",
                "product": "gmrtd",
                "versions": [
                  {"version": "< 0.17.2", "status": "affected"}
                ]
              }
            ]
          }
        ],
        "metrics": {
          "cvssMetricV40": [
            {
              "source": "security-advisories@github.com",
              "type": "Secondary",
              "cvssData": {
                "version": "4.0",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "attackVector": "ADJACENT",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "privilegesRequired": "NONE",
                "userInteraction": "PASSIVE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "subAvailabilityImpact": "NONE",
                "exploitMaturity": "NOT_DEFINED",
                "confidentialityRequirement": "NOT_DEFINED",
                "integrityRequirement": "NOT_DEFINED",
                "availabilityRequirement": "NOT_DEFINED",
                "modifiedAttackVector": "NOT_DEFINED",
                "modifiedAttackComplexity": "NOT_DEFINED",
                "modifiedAttackRequirements": "NOT_DEFINED",
                "modifiedPrivilegesRequired": "NOT_DEFINED",
                "modifiedUserInteraction": "NOT_DEFINED",
                "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
                "modifiedVulnIntegrityImpact": "NOT_DEFINED",
                "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
                "modifiedSubConfidentialityImpact": "NOT_DEFINED",
                "modifiedSubIntegrityImpact": "NOT_DEFINED",
                "modifiedSubAvailabilityImpact": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "valueDensity": "NOT_DEFINED",
                "vulnerabilityResponseEffort": "NOT_DEFINED",
                "providerUrgency": "NOT_DEFINED"
              }
            }
          ],
          "cvssMetricV31": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "cvssData": {
                "version": "3.1",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "attackVector": "ADJACENT_NETWORK",
                "attackComplexity": "LOW",
                "privilegesRequired": "NONE",
                "userInteraction": "NONE",
                "scope": "UNCHANGED",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "availabilityImpact": "HIGH"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 3.6
            }
          ],
          "ssvcV203": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "ssvcData": {
                "timestamp": "2026-01-28T15:16:00.633201Z",
                "id": "CVE-2026-24738",
                "options": [
                  {"exploitation": "none"},
                  {"automatable": "no"},
                  {"technicalImpact": "partial"}
                ],
                "role": "CISA Coordinator",
                "version": "2.0.3"
              }
            }
          ]
        },
        "weaknesses": [
          {
            "source": "security-advisories@github.com",
            "type": "Secondary",
            "description": [
              {"lang": "en", "value": "CWE-400"},
              {"lang": "en", "value": "CWE-770"}
            ]
          }
        ],
        "configurations": [
          {
            "nodes": [
              {
                "operator": "OR",
                "negate": false,
                "cpeMatch": [
                  {
                    "vulnerable": true,
                    "criteria": "cpe:2.3:a:gmrtd:gmrtd:*:*:*:*:*:go:*:*",
                    "versionEndExcluding": "0.17.2",
                    "matchCriteriaId": "BE705F0C-A471-470A-95EC-5C516461B97C"
                  }
                ]
              }
            ]
          }
        ],
        "references": [
          {
            "url": "https://github.com/gmrtd/gmrtd/commit/54469a95e5a20a8602ac1457b2110bfeb80c8891",
            "source": "security-advisories@github.com",
            "tags": ["Patch"]
          },
          {
            "url": "https://github.com/gmrtd/gmrtd/releases/tag/v0.17.2",
            "source": "security-advisories@github.com",
            "tags": ["Product", "Release Notes"]
          },
          {
            "url": "https://github.com/gmrtd/gmrtd/security/advisories/GHSA-j49h-6577-5xwq",
            "source": "security-advisories@github.com",
            "tags": ["Vendor Advisory"]
          }
        ]
      }
    }
  ]
}