CVE-2024-36671

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-36671
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36671.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-36671
Published
2024-11-29T15:15:17.027Z
Modified
2026-04-12T08:40:54.553962Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

nodemcu before v3.0.0-release_20240225 was discovered to contain an integer overflow via the getnum function at /modules/struct.c.

References

Affected packages

Git / github.com/nodemcu/nodemcu-firmware

Affected ranges

Type
GIT
Repo
https://github.com/nodemcu/nodemcu-firmware
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
4b92eab71a3573a3f948977878514de7def76ff8
Fixed
193fe3593eb1537667179089535cdb7457327887
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "v3.0.0-release_20240225"
        }
    ]
}

Affected versions

0.*
0.9.5_20150318
0.9.6-dev_20150625
0.9.6-dev_20150627
1.*
1.4.0-master_20151229
1.5.1-master_20160603
1.5.4.1-master_20160802
1.5.4.1-master_20161001
1.5.4.1-master_20161201
2.*
2.0.0-master_20170202
2.1.0-master_20170521
2.1.0-master_20170811
2.1.0-master_20170824
2.2.0-master_20180402
2.2.0-master_20180608
2.2.1-master_20180915
2.2.1-master_20181207
2.2.1-master_20190405
Other
20150213
3.*
3.0-master_20190907
3.0-master_20200610
3.0-master_20200910
3.0-release_20200910
3.0-release_20201107
3.0.0-release_20210201
3.0.0-release_20211229

Database specific

vanir_signatures 
[
    {
        "signature_type": "Line",
        "source": "https://github.com/nodemcu/nodemcu-firmware/commit/4b92eab71a3573a3f948977878514de7def76ff8",
        "signature_version": "v1",
        "target": {
            "file": "app/lua/luac_cross/luac.c"
        },
        "id": "CVE-2024-36671-3e1c687a",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "165526976446728282179721291465098003693",
                "67533136828261785165845379950519718456",
                "234624432670345480240098546690494913656",
                "85353206519526045087760257000790209894",
                "151669601506955497285741728769286511839"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_type": "Function",
        "source": "https://github.com/nodemcu/nodemcu-firmware/commit/4b92eab71a3573a3f948977878514de7def76ff8",
        "signature_version": "v1",
        "target": {
            "file": "app/modules/pipe.c",
            "function": "pipe_create"
        },
        "id": "CVE-2024-36671-4bc38981",
        "deprecated": false,
        "digest": {
            "function_hash": "182352665236977211596008024531104214733",
            "length": 738.0
        }
    },
    {
        "signature_type": "Line",
        "source": "https://github.com/nodemcu/nodemcu-firmware/commit/4b92eab71a3573a3f948977878514de7def76ff8",
        "signature_version": "v1",
        "target": {
            "file": "app/modules/color_utils.c"
        },
        "id": "CVE-2024-36671-5a684d5a",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "135293912379479425832494769242786965277",
                "199368059245489020085602987930293523993",
                "152630218327863896858779784050444420989",
                "187927016100046827094034416463712902043",
                "23406288968504426559354781077681465164",
                "227809396006886097334944749564585023014",
                "305573116488075562440457396318559793069",
                "141161249152614204923235370378926147164",
                "35969508396110552031556581238366402318"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_type": "Line",
        "source": "https://github.com/nodemcu/nodemcu-firmware/commit/4b92eab71a3573a3f948977878514de7def76ff8",
        "signature_version": "v1",
        "target": {
            "file": "app/lua/linit.c"
        },
        "id": "CVE-2024-36671-7665b6b1",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "262569712250752632620881857107824199431",
                "108849166706762688234053878495191959052",
                "259986484524160432055938300960983566427",
                "230438464507691708723476476924835326570",
                "92874218047919183012789450747365213221",
                "287109850292785334097417221311787567384",
                "189749150458833299894443623039076836433",
                "81721188323076906133205076034425765798",
                "252509851118148729674609357348224237409",
                "132741071033005450658629878351526083368",
                "327238764355530685897007840809964251062",
                "425323071434165100633417055549503063",
                "50539770357897886960015736224542120466",
                "209424037438110226882968496823308952458",
                "207985521372826876345747054525024274100",
                "271065613283064373209169829747251592484",
                "253847950700123445774369667529184029779"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_type": "Line",
        "source": "https://github.com/nodemcu/nodemcu-firmware/commit/4b92eab71a3573a3f948977878514de7def76ff8",
        "signature_version": "v1",
        "target": {
            "file": "app/modules/pipe.c"
        },
        "id": "CVE-2024-36671-7d2e5df5",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "144619212903235998970224493833665104040",
                "197755266231201920828104078865005237009",
                "252514398301294520791151463002975522072",
                "321015372755843863567400632897550365794",
                "312884997555763181777692738463650166903",
                "11986468834996967669582675154879423888",
                "246448165086358855443011887128429995421",
                "18137303215956527867979991082440111202",
                "147295200295973583023355740235152406775",
                "161649543978959193409097636945769651338",
                "4273255583193039031449262129618749066",
                "11554853770024487621611918378376093304"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_type": "Function",
        "source": "https://github.com/nodemcu/nodemcu-firmware/commit/4b92eab71a3573a3f948977878514de7def76ff8",
        "signature_version": "v1",
        "target": {
            "file": "app/lua/luac_cross/luac.c",
            "function": "pmain"
        },
        "id": "CVE-2024-36671-bac43903",
        "deprecated": false,
        "digest": {
            "function_hash": "284987886228535607953240243927825071165",
            "length": 1557.0
        }
    },
    {
        "signature_type": "Line",
        "source": "https://github.com/nodemcu/nodemcu-firmware/commit/4b92eab71a3573a3f948977878514de7def76ff8",
        "signature_version": "v1",
        "target": {
            "file": "app/modules/color_utils.h"
        },
        "id": "CVE-2024-36671-bc33443e",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "48149716188825734357688265724358001338",
                "135293912379479425832494769242786965277",
                "199368059245489020085602987930293523993",
                "152630218327863896858779784050444420989",
                "187927016100046827094034416463712902043",
                "23406288968504426559354781077681465164",
                "227809396006886097334944749564585023014",
                "223819810150619010023085585552512166239",
                "173504783616700940463396463138117707828",
                "129263400523616471801441041851498434769"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_type": "Line",
        "source": "https://github.com/nodemcu/nodemcu-firmware/commit/4b92eab71a3573a3f948977878514de7def76ff8",
        "signature_version": "v1",
        "target": {
            "file": "app/lua53/linit.c"
        },
        "id": "CVE-2024-36671-deee070e",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "33183042613565895250146258160911814426",
                "119317432521772167950040814724943399446",
                "132770364800913629009456369007482015918",
                "89460597058768877883041252106985977389",
                "230438464507691708723476476924835326570",
                "84858937201768188346049531698551371277",
                "183766946126662642903860356263714292817",
                "323851766160663815902261792370551976420",
                "216568755433424578970679091253290053434",
                "209424037438110226882968496823308952458",
                "205305831207263775545385156611301641904",
                "191938404837805446922725590871801151873",
                "121145943713563040990557078146267631513",
                "73095982399332724023954997967442326511"
            ],
            "threshold": 0.9
        }
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36671.json"
vanir_signatures_modified 
"2026-04-12T08:40:54Z"