Buffer Overflow Vulnerability in EMQX Neuron Plugin Functionality
CVE-2024-10964

9.8CRITICAL

Key Information:

Vendor: EMQx
Status: Neuron
Vendor: CVE Published:; 7 November 2024

What is CVE-2024-10964?

A severe vulnerability has been identified in EMQX Neuron, specifically in the function handle_add_plugin found in cmd.library of the plugins/restful/plugin_handle.c file. This defect allows for a buffer overflow, which can be exploited by a remote attacker. If successfully executed, the vulnerability can lead to unauthorized access and control over the affected system. EMQX has acknowledged this issue and recommends affected users to apply the available patch to mitigate the risks associated with this critical flaw.

Affected Version(s)

neuron 2.0

neuron 2.1

neuron 2.2

References

https://vuldb.com/?id.283410

vdb-entrytechnical-description

https://vuldb.com/?ctiid.283410

signaturepermissions-required

https://vuldb.com/?submit.435372

third-party-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 7, 2024
Vulnerability Reserved
Nov 7, 2024

Credit

susu199 (VulDB User)

EMQx

What is CVE-2024-10964?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit