6.7
CVE-2024-42642
- EPSS 1.54%
- Veröffentlicht 04.09.2024 20:15:07
- Zuletzt bearbeitet 05.02.2026 15:16:05
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginMicron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable to Buffer Overflow, which can be triggered by sending specially crafted ATA packets from the host to the drive controller. NOTE: The supplier states that this vulnerability was fully remediated in December 2024 and that updated firmware is available through Crucial’s official support page.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Crucial ≫ Mx500 Firmware Versionm3cr046
Crucial ≫ Ct1000mx500ssd1 Version-
Crucial ≫ Ct2000mx500ssd1 Version-
Crucial ≫ Ct250mx500ssd1 Version-
Crucial ≫ Ct4000mx500ssd1 Version-
Crucial ≫ Ct500mx500ssd1 Version-
Crucial ≫ Ct2000mx500ssd1 Version-
Crucial ≫ Ct250mx500ssd1 Version-
Crucial ≫ Ct4000mx500ssd1 Version-
Crucial ≫ Ct500mx500ssd1 Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.54% | 0.811 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.