Sharp MFPs Suffer Out-of-bounds Read Vulnerability Due to improper HTTP Request Header Processing
CVE-2024-43424

7.5HIGH

Key Information:

Vendor: Sharp Corporation
Status: Sharp Digital Full-color Mfps And Monochrome Mfps; E-studio 908; E-studio 1058; E-studio 1208
Vendor: CVE Published:; 25 October 2024

🔔 Create Sharp Corporation Vulnerability Alert

What is CVE-2024-43424?

Sharp and Toshiba Tec Multi-Function Printers (MFPs) are susceptible to an Out-of-bounds Read vulnerability due to improper handling of HTTP request headers. This flaw allows for crafted HTTP requests to be processed, potentially leading to system crashes and operational disruption. Users of affected MFP systems are advised to implement immediate countermeasures to mitigate the risks associated with these vulnerabilities.

Affected Version(s)

e-STUDIO 1058 T1.01.h4.00 and earlier versions

e-STUDIO 1208 T1.01.h4.00 and earlier versions

e-STUDIO 908 T2.12.h3.00 and earlier versions

References

https://jvn.jp/en/vu/JVNVU95063136/

https://global.sharp/products/copier/info/info_security_2...

https://www.toshibatec.com/information/20241025_01.html

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 25, 2024
Vulnerability Reserved
Oct 16, 2024