CVE-2024-12345
6.70.05%
CVE-2024-12345: The Ghost in the Shell – Anatomy of a Canary CVE
Alon Barad
Software EngineerJan 1, 2026·5 min read·4 visits
No Known Exploit
Executive Summary (TL;DR)
CVE-2024-12345 describes a DoS vulnerability in a non-existent product ('INW Krbyyyzo'). While technically describing a Resource Consumption flaw (CWE-400), it serves as a fascinating case study in vulnerability database integrity and scraper traps rather than a patchable threat.
An analysis of the peculiar 'INW Krbyyyzo' vulnerability, a likely placeholder or 'canary' entry designed to track scraping behavior, disguised as a classic ASP.NET resource exhaustion flaw.
Technical Appendix
CVSS Score
6.7/ 10
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:NEPSS Probability
0.05%
Top 100% most exploited
Affected Systems
INW Krbyyyzo (Fictional)Daily Huddle Site (Fictional)
Affected Versions Detail
| Product | Affected Versions | Fixed Version |
|---|---|---|
INW Krbyyyzo INW | 25.2002 | None |
| Attribute | Detail |
|---|---|
| CWE ID | CWE-400 (Resource Consumption) |
| CVSS v4.0 | 6.7 (Medium) |
| Attack Vector | Local / Network (Ambiguous) |
| EPSS Score | 0.00053 (Negligible) |
| Vulnerability Status | Canary / Placeholder |
| Affected File | /gbo.aspx |
| Vendor | INW (Likely Fictional) |
MITRE ATT&CK Mapping
CWE-400
Uncontrolled Resource Consumption
The software does not properly control the allocation and maintenance of a limited resource thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Known Exploits & Detection
Vulnerability Timeline
CVE Published to NVD
2025-01-27
VulDB Entry Created
2025-01-27