github - ghsa-m5xv-fggp-4j5r

ghsa-m5xv-fggp-4j5r

Vulnerability from github

Published

2024-08-08 15:31

Modified

2025-08-29 21:32

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.5 (Critical) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Details

Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option.

This issue affects Advanced Software Framework: through 3.52.0.2574.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-7490"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-120"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-08T15:15:19Z",
    "severity": "CRITICAL"
  },
  "details": "Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow.\n This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option.\n\nThis issue affects Advanced Software Framework: through 3.52.0.2574.",
  "id": "GHSA-m5xv-fggp-4j5r",
  "modified": "2025-08-29T21:32:01Z",
  "published": "2024-08-08T15:31:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7490"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/138043"
    },
    {
      "type": "WEB",
      "url": "https://www.microchip.com/en-us/tools-resources/develop/libraries/advanced-software-framework"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

CVE-2024-7490 (GCVE-0-2024-7490)

Vulnerability from cvelistv5

Published

2024-08-08 15:01

Modified

2025-08-29 20:23

Severity ?

9.5 (Critical) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CWE

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Summary

Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option. This issue affects Advanced Software Framework: through 3.52.0.2574. ASF is no longer being supported. Apply provided workaround or migrate to an actively maintained framework.

References

URL

Tags

https://www.microchip.com/en-us/tools-resources/develop/libraries/advanced-software-framework

product

Impacted products

	Vendor	Product	Version
	Microchip Techology	Advanced Software Framework	Version: 0 ≤ 3.52.0.2574

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:microchip:advanced_software_framework:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "advanced_software_framework",
            "vendor": "microchip",
            "versions": [
              {
                "lessThanOrEqual": "3.52.0.2574",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7490",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-08T16:25:23.040865Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-08T16:30:11.768Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-09-19T13:06:47.103Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.kb.cert.org/vuls/id/138043"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gallery.microchip.com/packages/4CE20911-D794-4550-8B94-6C66A93228B8/",
          "defaultStatus": "affected",
          "modules": [
            "network"
          ],
          "packageName": "lwip",
          "product": "Advanced Software Framework",
          "programFiles": [
            "tinydhcpserver.c"
          ],
          "programRoutines": [
            {
              "name": "lwip_dhcp_find_option"
            }
          ],
          "repo": "https://savannah.nongnu.org/projects/lwip/",
          "vendor": "Microchip Techology",
          "versions": [
            {
              "lessThanOrEqual": "3.52.0.2574",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use of the lwip stack embedded in ASF, and using the example DHCP server provided.\u003cbr\u003e"
            }
          ],
          "value": "Use of the lwip stack embedded in ASF, and using the example DHCP server provided."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "element55"
        }
      ],
      "datePublic": "2024-08-05T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow.\u003cbr\u003e\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003etinydhcpserver.C\u003c/tt\u003e and program routines \u003ctt\u003elwip_dhcp_find_option\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects Advanced Software Framework: through 3.52.0.2574.\u003c/p\u003e\u003cp\u003e\nASF is no longer being supported. Apply provided workaround or migrate to an actively maintained framework.\n\n\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow.\n This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option.\n\nThis issue affects Advanced Software Framework: through 3.52.0.2574.\n\n\nASF is no longer being supported. Apply provided workaround or migrate to an actively maintained framework."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 9.5,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-29T20:23:53.142Z",
        "orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
        "shortName": "Microchip"
      },
      "references": [
        {
          "tags": [
            "product"
          ],
          "url": "https://www.microchip.com/en-us/tools-resources/develop/libraries/advanced-software-framework"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "ASF is no longer being supported. Apply provided workaround or migrate to an actively maintained framework.\u003cbr\u003e"
            }
          ],
          "value": "ASF is no longer being supported. Apply provided workaround or migrate to an actively maintained framework."
        }
      ],
      "source": {
        "advisory": "PSIRT-23",
        "discovery": "EXTERNAL"
      },
      "tags": [
        "unsupported-when-assigned"
      ],
      "title": "Remote Code Execution in Advanced Software Framework DHCP server",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\nThe issue can be mitigated by adding a check to the size variable after the call [1] to pbuf_get_at on line 127 [1].\n If the size variable is not 4, then the function should cease \nprocessing and return. The lwip_dhcp_find_option function is only used \nto find this one option. \u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\n\u003cp\u003e [1] \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/alfred-ai/microchip-asf/blob/bf5205e36a265b867d531647ffbf2de5e287853a/thirdparty/lwip/lwip-tinyservices/tinydhcpserver.c#L127\"\u003ehttps://github.com/alfred-ai/microchip-asf/blob/bf5205e36a265b867d531647ffbf2de5e287853a/thirdparty/lwip/lwip-tinyservices/tinydhcpserver.c#L127\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "The issue can be mitigated by adding a check to the size variable after the call [1] to pbuf_get_at on line 127 [1].\n If the size variable is not 4, then the function should cease \nprocessing and return. The lwip_dhcp_find_option function is only used \nto find this one option. \n\n\n\n\n\n\n [1]  https://github.com/alfred-ai/microchip-asf/blob/bf5205e36a265b867d531647ffbf2de5e287853a/thirdparty/lwip/lwip-tinyservices/tinydhcpserver.c#L127"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
    "assignerShortName": "Microchip",
    "cveId": "CVE-2024-7490",
    "datePublished": "2024-08-08T15:01:09.055Z",
    "dateReserved": "2024-08-05T14:10:12.165Z",
    "dateUpdated": "2025-08-29T20:23:53.142Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.