Input Validation Vulnerability in Zephyr Project's HTTP Server
CVE-2024-10395

8.6HIGH

Key Information:

Vendor: Zephyrproject-rtos
Status: Zephyr
Vendor: CVE Published:; 3 February 2025

🔔 Create Zephyrproject-rtos Vulnerability Alert

What is CVE-2024-10395?

An input validation vulnerability exists within the HTTP server of the Zephyr Project, allowing attackers to exploit improper validation of user input lengths in the function responsible for determining content type from file extensions. This oversight could lead to various security risks, highlighting the importance of maintaining vigilant security practices and promptly applying patches.

Affected Version(s)

Zephyr * <= 3.7

References

https://github.com/zephyrproject-rtos/zephyr/security/adv...

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 3, 2025
Vulnerability Reserved
Oct 25, 2024