CVE-2024-56318

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-56318
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56318.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-56318
Published
2024-12-18T23:15:18Z
Modified
2025-01-15T05:18:56.612650Z
Summary
[none]
Details

In raw\TCP.cpp in Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before 27ca6ec, there is a NULL pointer dereference in TCPBase::ProcessSingleMessage via TCP packets with zero messageSize, leading to denial of service.

References

Affected packages

Git / github.com/project-chip/connectedhomeip

Affected ranges

Type
GIT
Repo
https://github.com/project-chip/connectedhomeip
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

SVE_23_03/rc1
SVE_23_03/rc2
SVE_23_09/rc1
TE8/rc1
TE8/rc2
TE8/rc3
TE9
TE_23_02/rc1
TE_23_02/rc2
TE_24_01/rc1
test_event_1_2012_03_05
test_event_2_2012_04_19
test_event_2_2012_04_21
test_event_2_2012_04_22
test_event_3_2012_04_21
test_event_3_2021_06_01
test_event_3_2021_06_03
test_event_4_2021_07_06
v2021_01_27-alpha
v2021_02_02-alpha
v2021_02_10-alpha

TH-Matter-1.*

TH-Matter-1.2

V1.*

V1.0.0.1

v1.*

v1.0.0.2
v1.1.0.0
v1.1.0.1
v1.2.0.0
v1.2.0.1
v1.3.0.0