CVE-2024-10395

Summary

No proper validation of the length of user input in http_server_get_content_type_from_extension.

Affected Software

VendorProductVersion RangeStatus
zephyrproject-rtosZephyr* <= 3.7affected

Weaknesses

  • CWE-127: Buffer Under-read

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

References