CVE-2024-10964

Summary

A vulnerability classified as critical has been found in emqx neuron up to 2.10.0. Affected is the function handle_add_plugin in the library cmd.library of the file plugins/restful/plugin_handle.c. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.

Affected Software

VendorProductVersion RangeStatus
emqxneuron2.0affected
emqxneuron2.1affected
emqxneuron2.2affected
emqxneuron2.3affected
emqxneuron2.4affected
emqxneuron2.5affected
emqxneuron2.6affected
emqxneuron2.7affected
emqxneuron2.8affected
emqxneuron2.9affected
emqxneuron2.10affected

Weaknesses

  • CWE-120: Buffer Overflow
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References