CVE-2024-56317

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-56317

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56317.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-56317

Published

2024-12-18T23:15:18.023Z

Modified

2026-04-10T05:58:48.402127Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0, the WriteAcl function deletes all existing ACL entries first, and then attempts to recreate them based on user input. If input validation fails during decoding, the process stops, and no entries are restored by access-control-server.cpp, i.e., a denial of service.

References

https://github.com/project-chip/connectedhomeip/issues/36535

Affected packages

Git / github.com/project-chip/connectedhomeip

Affected ranges

Type

GIT

Repo

https://github.com/project-chip/connectedhomeip

Events

Introduced

Last affected

43aa98c2d30ee547c6b587b9de7bbb794f175ece

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.4.0.0"
        }
    ]
}

Affected versions

Other

SVE_23_03/rc1

SVE_23_03/rc2

SVE_23_09/rc1

TE8/rc1

TE8/rc2

TE8/rc3

TE9

TE_23_02/rc1

TE_23_02/rc2

TE_24_01/rc1

test_event_1_2012_03_05

test_event_2_2012_04_19

test_event_2_2012_04_21

test_event_2_2012_04_22

test_event_3_2012_04_21

test_event_3_2021_06_01

test_event_3_2021_06_03

test_event_4_2021_07_06

v2021_01_27-alpha

v2021_02_02-alpha

v2021_02_10-alpha

TH-Matter-1.*

TH-Matter-1.2

V1.*

V1.0.0.1

v1.*

v1.0.0.2

v1.1.0.0

v1.1.0.1

v1.2.0.0

v1.2.0.1

v1.3.0.0

v1.4.0.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56317.json"