CVE-2024-7490
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Summary
Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option.
This issue affects Advanced Software Framework: through 3.52.0.2574.
ASF is no longer being supported. Apply provided workaround or migrate to an actively maintained framework.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Microchip Techology | Advanced Software Framework | 0 <= 3.52.0.2574 | affected |
Weaknesses
- CWE-120: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Workarounds
The issue can be mitigated by adding a check to the size variable after the call [1] to pbuf_get_at on line 127 [1]. If the size variable is not 4, then the function should cease processing and return. The lwip_dhcp_find_option function is only used to find this one option.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.