CVE-2024-56317

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0, the WriteAcl function deletes all existing ACL entries first, and then attempts to recreate them based on user input. If input validation fails during decoding, the process stops, and no entries are restored by access-control-server.cpp, i.e., a denial of service.

En Matter (también conocido como connectedhomeip o Project CHIP) hasta la versión 1.4.0.0, la función WriteAcl elimina primero todas las entradas de ACL existentes y luego intenta volver a crearlas en función de la entrada del usuario. Si la validación de la entrada falla durante la decodificación, el proceso se detiene y access-control-server.cpp no restaura ninguna entrada, es decir, se produce una denegación de servicio.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-12-18 CVE Reserved
2024-12-18 CVE Published
2024-12-18 CVE Updated
2024-12-19 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-281: Improper Preservation of Permissions

CAPEC

References (1)

URL	Tag	Source
https://github.com/project-chip/connectedhomeip/issues/36535

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Matter Search vendor "Matter"		Matter Search vendor "Matter" for product "Matter"				<= 1.4.0.0 Search vendor "Matter" for product "Matter" and version " <= 1.4.0.0"		en		Affected