CVE-2024-45038

Source
https://cve.org/CVERecord?id=CVE-2024-45038
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45038.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-45038
Aliases
  • GHSA-3x3r-vw9f-pxq5
Published
2024-08-27T20:36:34.548Z
Modified
2026-04-12T09:00:32.311379Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Device crash via malformed MQTT packet when downlink is enabled in Meshtastic device firmware
Details

Meshtastic device firmware is firmware for Meshtastic devices that runs an open source, off-grid, decentralized mesh network built for affordable, low-power devices. Meshtastic device firmware is subject to a denial of service vulnerability in MQTT handling, fixed in version 2.4.1 of the Meshtastic firmware and on the Meshtastic public MQTT Broker. It's strongly suggested that all users of Meshtastic, particularly those that connect to a privately hosted MQTT server, update to this or a more recent stable version right away. There are no known workarounds for this vulnerability.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/45xxx/CVE-2024-45038.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-755"
    ]
}
References

Affected packages

Git / github.com/meshtastic/firmware

Affected ranges

Type
GIT
Repo
https://github.com/meshtastic/firmware
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.4.1"
        }
    ]
}

Affected versions

0.*
0.0.3
0.1.10
0.1.6
0.1.7
0.1.8
0.1.9
0.2.0
0.2.3
0.4.1
0.4.2
0.4.3
0.6.0
0.6.1
0.6.2
0.6.3
0.6.4
0.6.7
0.6.8
0.7.10
0.7.11
0.7.4
0.7.5
0.7.6
0.7.6b
0.7.7
0.7.8
0.7.9
0.8.1-fixed
0.9.1
0.9.2
0.9.3
0.9.5
0.9.6
0.9.7
1.*
1.0.0
1.1.0
1.1.1
1.1.2
1.1.20
1.1.23
1.1.3
1.1.30
1.1.31
1.1.32
1.1.33
1.1.4
1.1.42
1.1.46
1.1.47
1.1.48
1.1.5
1.1.50
1.1.6
1.1.7
1.1.8
1.2.1
1.2.10
1.2.11
1.2.4
1.2.5
1.2.6
1.2.9
v1.*
v1.2.29.6c95659
v1.2.30.80e4bc6
v1.2.38.cf4e508
v1.2.39.06892c4
v1.2.41.32f3682
v1.2.44.f2c9c55
v1.2.47
v1.2.48.371335e
v1.2.49.5354c49
v1.2.50.41dcfdd
v1.2.51.f9ff06b
v1.2.52.b63802c
v1.2.53.19c1f9f
v1.2.54.288f2be
v1.2.55.9db7c62
v1.2.testing1
v1.3.10.4df0e91
v1.3.10.cc2a84a
v1.3.11.0411401
v1.3.12.6306c53
v1.3.13.71a43a9
v1.3.15.432d067
v1.3.16.97899ae
v1.3.17.c9822de
v1.3.19.3c6a2f7
v1.3.20.9a5ff93
v1.3.21.cf00ac5
v1.3.22.c725a6b
v1.3.23.5462d84
v1.3.24.dff6915
v1.3.25.85f46d3
v1.3.26.0010231
v1.3.27.c88ba58
v1.3.28.41f9541
v1.3.29.7afc149
v1.3.3.2fe124e
v1.3.30.9fe2ddb
v1.3.31.0084643
v1.3.32.7e6c22f
v1.3.33.ab0095c
v1.3.34.401b5d9
v1.3.35.3251cd5
v1.3.36.64f852e
v1.3.36.7e03019
v1.3.36.dd720f2
v1.3.37.97712a9
v1.3.38.1253abd
v1.3.39.ddc3727
v1.3.4.2b20bf3
v1.3.40.e87ecc2
v1.3.41.80ddb81
v1.3.42.9bd9252
v1.3.43.aae9d2f
v1.3.44.4fa8d02
v1.3.46.d4ea956
v1.3.47.05147c0
v1.3.48.82bcd39
v1.3.5.e5b19fd
v1.3.6.f511bab
v1.3.7.bb22b6e
v1.3.8.90df7c2
v1.3.9.92185e7
v2.*
v2.0.0.18ab874
v2.0.1.ad05b91
v2.0.10.e09b12c
v2.0.11.8914d1a
v2.0.12.2400dd4
v2.0.13.7e27729
v2.0.14.2baaad8
v2.0.15.aafbde0
v2.0.16.2242b68
v2.0.17.5d1c06b
v2.0.18.1a7991c
v2.0.19.3209aea
v2.0.2.8146e84
v2.0.20.7100416
v2.0.21.83e6cea
v2.0.22.fbfd0f1
v2.0.23.7bb281d
v2.0.3.09fe616
v2.0.6.97fd5cf
v2.0.7.91ff7b9
v2.0.8.090e166
v2.0.9.6ea0963
v2.1.0.331a1af
v2.1.1.dc2ca9c
v2.1.10.7ef12c7
v2.1.11.5ec624d
v2.1.12.7711b03
v2.1.13.7475c86
v2.1.14.99a31c1
v2.1.15.cd78723
v2.1.16.a2c5b92
v2.1.17.7ca2e81
v2.1.18.de53280
v2.1.19.eb7025f
v2.1.2.6d20215
v2.1.20.470363d
v2.1.21.97d7a89
v2.1.22.191a69d
v2.1.23.04bbdc6
v2.1.3.8c68d88
v2.1.4.958d2cf
v2.1.5.23272da
v2.1.6.5679a82
v2.1.7.242f880
v2.1.9.d43ddc9
v2.2.0.9f6584b
v2.2.1.fb5f2e4
v2.2.10.7cebd79
v2.2.11.10265aa
v2.2.12.092e6f2
v2.2.13.f570204
v2.2.14.57542ce
v2.2.15.31c4693
v2.2.16.1c6acfd
v2.2.17.dbac2b1
v2.2.18.e9bde80
v2.2.19.8f6a283
v2.2.2.f35c7be
v2.2.20.af5ac32
v2.2.21.7f7c5cb
v2.2.22.404d0dd
v2.2.23.5672e68
v2.2.24.e6a2c06
v2.2.3.282cc0b
v2.2.4.3bcab0e
v2.2.5.8255128
v2.2.6.b53cb38
v2.2.7.e8970ad
v2.2.8.61f6fb2
v2.2.9.47301a5
v2.3.0.5f47ca1
v2.3.1.4fa7f5a
v2.3.10.d19607b
v2.3.11.2740a56
v2.3.12.24458a7
v2.3.13.83f5ba0
v2.3.14.64531fa
v2.3.15.deb7c27
v2.3.2.63df972
v2.3.3.8187fa7
v2.3.4.ea61808
v2.3.5.2f9b68e
v2.3.6.7a3570a
v2.3.7.30fbcab
v2.3.8.d490a33
v2.3.9.f06c56a
v2.4.0.46d7b82

Database specific

vanir_signatures
[
    {
        "signature_type": "Line",
        "source": "https://github.com/meshtastic/firmware/commit/394e0e1b3e33cbf64d6518e4b7911a402eae5284",
        "signature_version": "v1",
        "target": {
            "file": "src/platform/nrf52/architecture.h"
        },
        "id": "CVE-2024-45038-a1418c84",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "78405899312413117114779258497306374468",
                "285809257131067487912618678118474890117",
                "339442095046118411082688366964671282444"
            ],
            "threshold": 0.9
        }
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45038.json"
vanir_signatures_modified
"2026-04-12T09:00:32Z"