Lucene search

Dc3f6da9-85b5-4a73-84a2-2ec90b40fca5NVD:CVE-2024-7490

HistoryAug 08, 2024 - 3:15 p.m.

CVE-2024-7490

2024-08-0815:15:19

CWE-20

CWE-120

dc3f6da9-85b5-4a73-84a2-2ec90b40fca5

web.nvd.nist.gov

microchip technology

input validation

remote code execution

buffer overflow

advanced software framework

dhcp server

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.1%

JSON

Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow.
This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option.

This issue affects Advanced Software Framework: through 3.52.0.2574.

ASF is no longer being supported. Apply provided workaround or migrate to an actively maintained framework.

Affected configurations

Nvd

Node

microchipadvanced_software_frameworkRange≤3.52.0.2574

VendorProductVersionCPE
microchipadvanced_software_framework*cpe:2.3:a:microchip:advanced_software_framework:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microchip	advanced_software_framework	*	cpe:2.3:a:microchip:advanced_software_framework::::::::

References

www.microchip.com/en-us/tools-resources/develop/libraries/advanced-software-framework

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.1%

JSON

Related for NVD:CVE-2024-7490