Skip to main content

Advanced Software Framework CVE-2024-7490

CRITICAL
Classic Buffer Overflow (CWE-120)
2024-08-08 dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
9.5
CVSS 4.0 · Vendor: dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
Share

Severity by source

Vendor (dc3f6da9-85b5-4a73-84a2-2ec90b40fca5) PRIMARY
9.5 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (dc3f6da9-85b5-4a73-84a2-2ec90b40fca5) · only source for this CVE.

CVSS VectorVendor: dc3f6da9-85b5-4a73-84a2-2ec90b40fca5

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
CVE Published
Aug 08, 2024 - 15:15 cve.org
CRITICAL 9.5

DescriptionCVE.org

Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option.

This issue affects Advanced Software Framework: through 3.52.0.2574.

ASF is no longer being supported. Apply provided workaround or migrate to an actively maintained framework.

AnalysisAI

Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option.52.0.2574. ASF is no longer being supported. Apply provided workaround or migrate to an actively maintained framework. Affected products include: Microchip Advanced Software Framework. Version information: through 3.52.0.2574..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.

Share

CVE-2024-7490 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy