Executive Summary

Informations
Name CVE-2024-51500 First vendor Publication 2024-11-04
Vendor Cve Last vendor Modification 2024-11-05

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

Meshtastic firmware is a device firmware for the Meshtastic project. The Meshtastic firmware does not check for packets claiming to be from the special broadcast address (0xFFFFFFFF) which could result in unexpected behavior and potential for DDoS attacks on the network. A malicious actor could craft a packet to be from that address which would result in an amplification of this one message into every node on the network sending multiple messages. Such an attack could result in degraded network performance for all users as the available bandwidth is consumed. This issue has been addressed in release version 2.5.6. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-51500

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-159 Failure to Sanitize Special Element
50 % CWE-138 Improper Sanitization of Special Elements

Sources (Detail)

https://github.com/meshtastic/firmware/security/advisories/GHSA-xfmq-5j3j-vgv8
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2024-11-05 21:27:31
  • Multiple Updates
2024-11-05 05:28:08
  • First insertion