CVE-2024-7490

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-7490
Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option. This issue affects Advanced Software Framework: through 3.52.0.2574. ASF is no longer being supported. Apply provided workaround or migrate to an actively maintained framework.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.microchip.com/en-us/tools-resources/develop/libraries/advanced-software-framework Vendor Advisory
https://www.kb.cert.org/vuls/id/138043
Configurations

Configuration 1 (hide)

cpe:2.3:a:microchip:advanced_software_framework:*:*:*:*:*:*:*:*
History

21 Nov 2024, 09:51

Type Values Removed Values Added
References
  • () https://www.kb.cert.org/vuls/id/138043 -

12 Aug 2024, 15:22

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
References () https://www.microchip.com/en-us/tools-resources/develop/libraries/advanced-software-framework - () https://www.microchip.com/en-us/tools-resources/develop/libraries/advanced-software-framework - Vendor Advisory
First Time Microchip
Microchip advanced Software Framework
Summary
  • (es) Una vulnerabilidad de validación de entrada incorrecta en el servidor DHCP de ejemplo de Microchip Techology Advanced Software Framework puede provocar la ejecución remota de código a través de un desbordamiento del búfer. Esta vulnerabilidad está asociada con los archivos de programa tinydhcpserver.C y las rutinas de programa lwip_dhcp_find_option. Este problema afecta a Advanced Software Framework: hasta 3.52.0.2574. La PPA ya no recibe apoyo. Aplique workaround proporcionado o migre a un framework fabricado activamente.
CPE cpe:2.3:a:microchip:advanced_software_framework:*:*:*:*:*:*:*:*

08 Aug 2024, 16:15

Type Values Removed Values Added
Summary (en) Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option. This issue affects Advanced Software Framework: through 3.52.0.2574. (en) Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option. This issue affects Advanced Software Framework: through 3.52.0.2574. ASF is no longer being supported. Apply provided workaround or migrate to an actively maintained framework.

08 Aug 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-08 15:15

Updated : 2024-11-21 09:51

NVD link : CVE-2024-7490

Mitre link : CVE-2024-7490

CVE.ORG link : CVE-2024-7490

JSON object : View

Products Affected

microchip

  • advanced_software_framework
CWE
CWE-20

Improper Input Validation

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024