Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-7490

Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option. This issue affects Advanced Software Framework: through 3.52.0.2574. ASF is no longer being supported. Apply provided workaround or migrate to an actively maintained framework.

Published

2024-08-08T15:15:19.057

Last Modified

2024-11-21T09:51:35.350

Status

Modified

Source

dc3f6da9-85b5-4a73-84a2-2ec90b40fca5

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-20
CWE-120
Type: Primary
CWE-120

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	microchip	advanced_software_framework	≤ 3.52.0.2574	Yes

References

https://www.microchip.com/en-us/tools-resources/develop/libraries/advanced-software-framework Vendor Advisory (dc3f6da9-85b5-4a73-84a2-2ec90b40fca5)
https://www.kb.cert.org/vuls/id/138043 (af854a3a-2127-422b-91ae-364da2661108)