exploitDog

CVE-2024-7490

Опубликовано: 08 авг. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option.

This issue affects Advanced Software Framework: through 3.52.0.2574.

ASF is no longer being supported. Apply provided workaround or migrate to an actively maintained framework.

Ссылки

https://www.microchip.com/en-us/tools-resources/develop/libraries/advanced-software-framework
Vendor Advisory
https://www.kb.cert.org/vuls/id/138043
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:microchip:advanced_software_framework:*:*:*:*:*:*:*:*

Версия до 3.52.0.2574 (включая)

EPSS

Процентиль: 90%

0.05491

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-120

CWE-120

Связанные уязвимости

GHSA-m5xv-fggp-4j5r

CVSS3: 9.8

github

больше 1 года назад

Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option. This issue affects Advanced Software Framework: through 3.52.0.2574.

EPSS

Процентиль: 90%

0.05491

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-120

CWE-120