Buffer Overflow Vulnerability in EMQX Neuron Plugin Functionality
CVE-2024-10964

9.8CRITICAL

Key Information:

Vendor: EMQx
Status: Neuron
Vendor: CVE Published:; 7 November 2024

Summary

A severe vulnerability has been identified in EMQX Neuron, specifically in the function handle_add_plugin found in cmd.library of the plugins/restful/plugin_handle.c file. This defect allows for a buffer overflow, which can be exploited by a remote attacker. If successfully executed, the vulnerability can lead to unauthorized access and control over the affected system. EMQX has acknowledged this issue and recommends affected users to apply the available patch to mitigate the risks associated with this critical flaw.

Affected Version(s)

neuron 2.0

neuron 2.1

neuron 2.2

References

https://vuldb.com/?id.283410

vdb-entrytechnical-description

https://vuldb.com/?ctiid.283410

signaturepermissions-required

https://vuldb.com/?submit.435372

third-party-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 7, 2024
Vulnerability Reserved
Nov 7, 2024

Collectors

NVD DatabaseMitre Database

Credit

susu199 (VulDB User)