Today > | 9 High | 16 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-56317

Dec. 18, 2024, 11:15 p.m.

Tags

cve@mitre.org
CWE-281
2024-12-18
CVE-2024-56317

Product(s) Impacted

Matter (connectedhomeip/Project CHIP)

  • through 1.4.0.0

Description

In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0, the WriteAcl function deletes all existing ACL entries first, and then attempts to recreate them based on user input. If input validation fails during decoding, the process stops, and no entries are restored by access-control-server.cpp, i.e., a denial of service.

Weaknesses

CWE-281
Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

CWE ID: 281

Date

Published: Dec. 18, 2024, 11:15 p.m.

Last Modified: Dec. 18, 2024, 11:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

References

https://github.com/ cve@mitre.org