CVE-2024-42284

tipc: Return non-zero value from tipc_udp_addr2str() on error

Severity Score

7.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

tipc: Return non-zero value from tipc_udp_addr2str() on error

tipc_udp_addr2str() should return non-zero value if the UDP media
address is invalid. Otherwise, a buffer overflow access can occur in
tipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP
media address.

*Credits: N/A

CVSS Scores

Red Hatv3.1 7.3

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-07-30 CVE Reserved
2024-08-17 CVE Published
2024-08-20 EPSS Updated
2024-11-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-393: Return of Wrong Status Code

CAPEC

References (11)

URL	Tag	Source
https://git.kernel.org/stable/c/d0f91938bede204a343473792529e0db7d599836	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/7ec3335dd89c8d169e9650e4bac64fde71fdf15b	2024-08-19
https://git.kernel.org/stable/c/253405541be2f15ffebdeac2f4cf4b7e9144d12f	2024-08-19
https://git.kernel.org/stable/c/aa38bf74899de07cf70b50cd17f8ad45fb6654c8	2024-08-19
https://git.kernel.org/stable/c/5eea127675450583680c8170358bcba43227bd69	2024-08-19
https://git.kernel.org/stable/c/728734352743a78b4c5a7285b282127696a4a813	2024-08-03
https://git.kernel.org/stable/c/76ddf84a52f0d8ec3f5db6ccce08faf202a17d28	2024-08-03
https://git.kernel.org/stable/c/2abe350db1aa599eeebc6892237d0bce0f1de62a	2024-08-03
https://git.kernel.org/stable/c/fa96c6baef1b5385e2f0c0677b32b3839e716076	2024-07-24

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-42284	2024-11-05
https://bugzilla.redhat.com/show_bug.cgi?id=2305429	2024-11-05

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.1 < 4.19.320 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.1 < 4.19.320"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.1 < 5.4.282 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.1 < 5.4.282"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.1 < 5.10.224 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.1 < 5.10.224"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.1 < 5.15.165 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.1 < 5.15.165"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.1 < 6.1.103 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.1 < 6.1.103"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.1 < 6.6.44 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.1 < 6.6.44"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.1 < 6.10.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.1 < 6.10.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.1 < 6.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.1 < 6.11"		en		Affected