Executive Summary
| Summary | |
|---|---|
| Title | A stack-based overflow vulnerability exists in the Microchip Advanced Software Framework (ASF) implementation of the tinydhcp server |
| Informations | |||
|---|---|---|---|
| Name | VU#138043 | First vendor Publication | 2024-09-19 |
| Vendor | VU-CERT | Last vendor Modification | 2024-09-19 |
| Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 9.8 | ||
| Base Score | 9.8 | Environmental Score | 9.8 |
| impact SubScore | 5.9 | Temporal Score | 9.8 |
| Exploitabality Sub Score | 3.9 | ||
| Attack Vector | Network | Attack Complexity | Low |
| Privileges Required | None | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | High | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : | |||
|---|---|---|---|
| Cvss Base Score | N/A | Attack Range | N/A |
| Cvss Impact Score | N/A | Attack Complexity | N/A |
| Cvss Expoit Score | N/A | Authentication | N/A |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
OverviewA stack-based overflow vulnerability exists in the tinydhcp server in the Microchip Advanced Software Framework (ASF) that can lead to remote code execution. DescriptionAn implementation of DHCP in ASF fails input validation, thereby creating conditions for a stack-based overflow. The software is no longer supported by the vendor. Because this vulnerability is in IoT-centric code, it is likely to surface in many places in the wild. CVE-2024-7490 There exists a vulnerability in all publicly available examples of the ASF codebase that allows for a specially crafted DHCP request to cause a stack-based overflow that could lead to remote code execution. ImpactThis vulnerability can be tested by sending a single DHCP Request packet to a multicast address. This vulnerability exists in the current version of ASF 3.52.0.2574 and all previous versions of the software. There are also multiple forks of the tinydhcp software in github that are also potentially susceptible to this vulnerability. SolutionThe CERT/CC is currently unaware of a practical solution to this problem other than replacing the tinydhcp service with another one that does not have the same issue. AcknowledgementsThanks to the reporter Andrue Coombes of Amazon Element55. This document was written by Timur Snoke. |
Original Source
| Url : https://kb.cert.org/vuls/id/138043 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25) |
Alert History
| Date | Informations |
|---|---|
| 2024-09-19 17:22:14 |
|
