Page 27 of 38455 results (0.033 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

The Meshtastic firmware does not check for packets claiming to be from the special broadcast address (0xFFFFFFFF) which could result in unexpected behavior and potential for DDoS attacks on the network. A malicious actor could craft a packet to be from that address which would result in an amplification of this one message into every node on the network sending multiple messages. ... El firmware Meshtastic no comprueba los paquetes que dicen provenir de la dirección de difusión especial (0xFFFFFFFF), lo que podría generar un comportamiento inesperado y la posibilidad de ataques DDoS en la red. • https://github.com/meshtastic/firmware/security/advisories/GHSA-xfmq-5j3j-vgv8 • CWE-138: Improper Neutralization of Special Elements CWE-159: Improper Handling of Invalid Use of Special Elements •

CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0

Transient DOS while processing the CU information from RNR IE. • https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html • CWE-126: Buffer Over-read •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Transient DOS while parsing BTM ML IE when per STA profile is not included. • https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html • CWE-126: Buffer Over-read •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

Transient DOS while parsing fragments of MBSSID IE from beacon frame. • https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html • CWE-416: Use After Free •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE. • https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html • CWE-617: Reachable Assertion •