CVE-2024-10964

Exploit

EPSS 0.64%
Veröffentlicht 07.11.2024 17:15:06
Zuletzt bearbeitet 26.11.2024 01:36:31
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

emqx neuron plugin_handle.c handle_add_plugin buffer overflow

A vulnerability classified as critical has been found in emqx neuron up to 2.10.0. Affected is the function handle_add_plugin in the library cmd.library of the file plugins/restful/plugin_handle.c. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 2 Referenzen 9

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Emqx ≫ Neuron Version <= 2.10.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.64%	0.457

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com	5.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://github.com/emqx/neuron/issues/2280

Third Party Advisory

Exploit

Issue Tracking

https://github.com/emqx/neuron/pull/2286

Patch

https://github.com/emqx/neuron/pull/2286/commits/3e3a583d72548af1740b3e61a5eab3b628cc439e

Patch

https://vuldb.com/?ctiid.283410

Permissions Required

https://vuldb.com/?id.283410

Third Party Advisory

https://vuldb.com/?submit.435372

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-10964

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-10964

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-10964

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-10964