CVE-2024-45769

Pcp: pmcd heap corruption through metric pmstore operations

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash.

Se encontró una vulnerabilidad en Performance Co-Pilot (PCP). Esta falla permite que un atacante envíe datos especialmente manipulados al sistema, lo que podría provocar que el programa funcione mal o se bloquee.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-09-06 CVE Reserved
2024-09-19 CVE Published
2024-09-20 EPSS Updated
2024-12-26 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-787: Out-of-bounds Write

CAPEC

References (11)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2024:6837	2024-09-19
https://access.redhat.com/errata/RHSA-2024:6840	2024-09-19
https://access.redhat.com/errata/RHSA-2024:6842	2024-09-19
https://access.redhat.com/errata/RHSA-2024:6843	2024-09-19
https://access.redhat.com/errata/RHSA-2024:6844	2024-09-19
https://access.redhat.com/errata/RHSA-2024:6846	2024-09-19
https://access.redhat.com/errata/RHSA-2024:6847	2024-09-19
https://access.redhat.com/errata/RHSA-2024:6848	2024-09-19
https://access.redhat.com/security/cve/CVE-2024-45769	2024-09-19
https://bugzilla.redhat.com/show_bug.cgi?id=2310452	2024-09-19
https://access.redhat.com/errata/RHSA-2024:9452	2024-12-26

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Oracle Search vendor "Oracle"		Linux Search vendor "Oracle" for product "Linux"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel Aus Search vendor "Redhat" for product "Rhel Aus"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel E4s Search vendor "Redhat" for product "Rhel E4s"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel Eus Search vendor "Redhat" for product "Rhel Eus"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel Tus Search vendor "Redhat" for product "Rhel Tus"				*		-		Affected
Alma Search vendor "Alma"		Linux Search vendor "Alma" for product "Linux"				*		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				*		-		Affected
Oracle Search vendor "Oracle"		Linux Search vendor "Oracle" for product "Linux"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel Aus Search vendor "Redhat" for product "Rhel Aus"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel E4s Search vendor "Redhat" for product "Rhel E4s"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel Eus Search vendor "Redhat" for product "Rhel Eus"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel Tus Search vendor "Redhat" for product "Rhel Tus"				*		-		Affected
Rocky Search vendor "Rocky"		Linux Search vendor "Rocky" for product "Linux"				*		-		Affected
Suse Search vendor "Suse"		Sle-module-development-tools Search vendor "Suse" for product "Sle-module-development-tools"				*		-		Affected