CVE-2024-7490

Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option. This issue affects Advanced Software Framework: through 3.52.0.2574. ASF is no longer being supported. Apply provided workaround or migrate to an actively maintained framework.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.microchip.com/en-us/tools-resources/develop/libraries/advanced-software-framework	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:microchip:advanced_software_framework:*:*:*:*:*:*:*:*

History

12 Aug 2024, 15:22

Type	Values Removed	Values Added
First Time		Microchip Microchip advanced Software Framework
Summary		(es) Una vulnerabilidad de validación de entrada incorrecta en el servidor DHCP de ejemplo de Microchip Techology Advanced Software Framework puede provocar la ejecución remota de código a través de un desbordamiento del búfer. Esta vulnerabilidad está asociada con los archivos de programa tinydhcpserver.C y las rutinas de programa lwip_dhcp_find_option. Este problema afecta a Advanced Software Framework: hasta 3.52.0.2574. La PPA ya no recibe apoyo. Aplique workaround proporcionado o migre a un framework fabricado activamente.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
CPE		cpe:2.3:a:microchip:advanced_software_framework::::::::
References	~~() https://www.microchip.com/en-us/tools-resources/develop/libraries/advanced-software-framework -~~	() https://www.microchip.com/en-us/tools-resources/develop/libraries/advanced-software-framework - Vendor Advisory

08 Aug 2024, 16:15

Type	Values Removed	Values Added
Summary	(en) Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option. This issue affects Advanced Software Framework: through 3.52.0.2574.	(en) Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option. This issue affects Advanced Software Framework: through 3.52.0.2574. ASF is no longer being supported. Apply provided workaround or migrate to an actively maintained framework.

08 Aug 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-08 15:15

Updated : 2024-08-12 15:22

NVD link : CVE-2024-7490

Mitre link : CVE-2024-7490

CVE.ORG link : CVE-2024-7490

JSON object : View

Products Affected

microchip

advanced_software_framework

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-20

Improper Input Validation

9.8 /10