8.6
CVE-2024-10395
- EPSS 0.29%
- Veröffentlicht 03.02.2025 07:15:09
- Zuletzt bearbeitet 29.10.2025 15:19:30
- Quelle vulnerabilities@zephyrproject.
- CVE-Watchlists
- Unerledigt
LoginNo proper validation of the length of user input in http_server_get_content_type_from_extension.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zephyrproject ≫ Zephyr Version <= 3.7.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.29% | 0.521 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| vulnerabilities@zephyrproject.org | 8.6 | 3.9 | 4.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
|
CWE-127 Buffer Under-read
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer.