CVE-2024-7490

CVSS V2 None CVSS V3 None

Description

Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option. This issue affects Advanced Software Framework: through 3.52.0.2574. ASF is no longer being supported. Apply provided workaround or migrate to an actively maintained framework.

Overview

CVE ID
CVE-2024-7490

Assigner
Microchip

Vulnerability Status
PUBLISHED

Published Version
2024-08-08T15:01:09.055Z

Last Modified Date
2024-08-08T16:30:11.768Z

Weakness Enumerations

CWE	URL
CWE-120	http://cwe.mitre.org/data/definitions/120.html
CWE-20	http://cwe.mitre.org/data/definitions/20.html

References

Reference URL	Reference Tags
https://www.microchip.com/en-us/tools-resources/develop/libraries/advanced-software-framework	product

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-7490
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7490

History

Created	Old Value	New Value	Data Type	Notes
2024-08-09 13:07:08				Added to TrackCVE