CVE-2024-10964

emqx neuron plugin_handle.c handle_add_plugin buffer overflow

Description

A vulnerability classified as critical has been found in emqx neuron up to 2.10.0. Affected is the function handle_add_plugin in the library cmd.library of the file plugins/restful/plugin_handle.c. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.

INFO

Published Date :

2024-11-07T17:00:09.615Z

Last Modified :

2024-11-08T16:54:35.833Z

Source :

VulDB

AFFECTED PRODUCTS

The following products are affected by CVE-2024-10964 vulnerability.

Vendors	Products
Emqx	Neuron

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-10964.

URL	Resource
https://github.com/emqx/neuron/issues/2280
https://github.com/emqx/neuron/pull/2286
https://github.com/emqx/neuron/pull/2286/commits/3e3a583d72548af1740b3e61a5eab3b628cc439e
https://vuldb.com/?ctiid.283410
https://vuldb.com/?id.283410
https://vuldb.com/?submit.435372

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Detailed values of each vector for above chart.

Access Vector

Access Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact