
THREATINT
PUBLISHED

CVE-2024-10964

emqx neuron plugin_handle.c handle_add_plugin buffer overflow



Description


A vulnerability classified as critical has been found in emqx neuron up to 2.10.0. Affected is the function handle_add_plugin in the library cmd.library of the file plugins/restful/plugin_handle.c. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.

A critical vulnerability has been discovered in emqx neuron up to 2.10.0. It affects the function handle_add_plugin in the library cmd.library of the file plugins/restful/plugin_handle.c. A buffer overflow vulnerability can be exploited by manipulation with unknown data. The attack can be carried out over the network. Patching is recommended as the best possible measure.

Reserved 2024-11-07 | Published 2024-11-07 | Updated 2024-11-08 | Assigner VulDB


MEDIUM: 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
MEDIUM: 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
MEDIUM: 6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P

Problem types

Buffer Overflow

Memory Corruption

Product status

2.0: affected
2.1: affected
2.2: affected
2.3: affected
2.4: affected
2.5: affected
2.6: affected
2.7: affected
2.8: affected
2.9: affected
2.10: affected

Timeline

2024-11-07: Advisory disclosed
2024-11-07: VulDB entry created
2024-11-07: VulDB entry last update

Credits

susu199 (VulDB User) reporter

References

vuldb.com/?id.283410 (VDB-283410 | emqx neuron plugin_handle.c handle_add_plugin buffer overflow) vdb-entry technical-description

vuldb.com/?ctiid.283410 (VDB-283410 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.435372 (Submit #435372 | emqx neuron neuron version ≤ 2.10.0 Buffer Overflow) third-party-advisory

github.com/emqx/neuron/issues/2280 issue-tracking

github.com/emqx/neuron/pull/2286 issue-tracking

github.com/...mmits/3e3a583d72548af1740b3e61a5eab3b628cc439e issue-tracking patch

cve.org (CVE-2024-10964)

nvd.nist.gov (CVE-2024-10964)
