Logic Error in Android WiFi Configuration Leading to Denial of Service
CVE-2024-40674

5.3MEDIUM

Key Information:

Vendor: Google
Status: Android
Vendor: CVE Published:; 28 January 2025

What is CVE-2024-40674?

A logic error in the function validateSsid of WifiConfigurationUtil.java allows for a potential overflow in a system configuration file. This flaw can lead to a local denial of service, enabling an attacker to affect the device's WiFi functionality without requiring any additional execution privileges or user interaction. Given this scenario, corrective measures should be undertaken to patch the vulnerability.

Affected Version(s)

Android 14

References

https://android.googlesource.com/platform/packages/module...

https://source.android.com/security/bulletin/2024-10-01

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 28, 2025
Vulnerability Reserved
Jul 8, 2024

Google

What is CVE-2024-40674?

Affected Version(s)

References

CVSS V3.1

Timeline