CVE-2024-54130
- Source
- https://cve.org/CVERecord?id=CVE-2024-54130
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-54130.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-54130
- Aliases
-
- GHSA-7pj7-hfwv-q3v6
- Published
- 2024-12-05T15:10:37.229Z
- Modified
- 2026-04-10T05:19:04.519699Z
- Severity
-
- 9.2 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H CVSS Calculator
- Summary
- Segmentation Fault in `forwardBundle` Function of ION-DTN BPv7 When Destination EID is `dtn:none` (public)
- Details
-
The NASA’s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A segmentation fault occurs with ION-DTN BPv7 software version 4.1.3 when a bundle with a Destination Endpoint ID (EID) set to dtn:none is received. This causes the node to become unresponsive to incoming bundles, leading to a Denial of Service (DoS) condition. This vulnerability is fixed in 4.1.3s.
- Database specific
{ "cwe_ids": [ "CWE-476" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/54xxx/CVE-2024-54130.json", "cna_assigner": "GitHub_M" }- References
Affected packages
Git / github.com/nasa-jpl/ion-dtn
Affected versions
IOS-4.*
IOS-4.1.1
ion-2.*
ion-2.1.0
ion-2.2.0
ion-2.2.1
ion-2.2.1b
ion-2.3.0
ion-2.4.0
ion-2.5.0
ion-3.*
ion-3.0.0
ion-3.1.0
ion-3.2.0
ion-3.3.0
ion-3.4.0
ion-3.5.0
ion-3.6.0
ion-4.*
ion-4.1.1-release
ion-open-source-4.*
ion-open-source-4.1.1
ion-open-source-4.1.2
ion-open-source-4.1.3