{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-35215", "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "state": "PUBLISHED", "assignerShortName": "blackberry", "dateReserved": "2024-05-13T21:20:04.328Z", "datePublished": "2024-10-08T17:35:57.156Z", "dateUpdated": "2025-08-22T15:47:01.556Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "QNX Software Development Platform (SDP)", "vendor": "BlackBerry", "versions": [{"lessThanOrEqual": "7.1", "status": "affected", "version": "7.0", "versionType": "custom"}]}], "datePublic": "2024-10-08T17:35:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">NULL pointer dereference in IP socket options processing of the Networking Stack </span><span style=\"background-color: rgb(255, 255, 255);\">in</span><span style=\"background-color: rgb(255, 255, 255);\"> QNX </span><span style=\"background-color: rgb(255, 255, 255);\">Software </span><span style=\"background-color: rgb(255, 255, 255);\">Development</span><span style=\"background-color: rgb(255, 255, 255);\"> Platform (</span><span style=\"background-color: rgb(255, 255, 255);\">SDP</span><span style=\"background-color: rgb(255, 255, 255);\">)</span><span style=\"background-color: rgb(255, 255, 255);\"> version(s) 7.</span><span style=\"background-color: rgb(255, 255, 255);\">1</span><span style=\"background-color: rgb(255, 255, 255);\"> and 7.</span><span style=\"background-color: rgb(255, 255, 255);\">0</span><span style=\"background-color: rgb(255, 255, 255);\"> could allow an attacker </span><span style=\"background-color: rgb(255, 255, 255);\">with local access</span><span style=\"background-color: rgb(255, 255, 255);\"> to cause a </span><span style=\"background-color: rgb(255, 255, 255);\">d</span><span style=\"background-color: rgb(255, 255, 255);\">enial-of-</span><span style=\"background-color: rgb(255, 255, 255);\">s</span><span style=\"background-color: rgb(255, 255, 255);\">ervice condition in the context of the </span><span style=\"background-color: rgb(255, 255, 255);\">N</span><span style=\"background-color: rgb(255, 255, 255);\">etworking </span><span style=\"background-color: rgb(255, 255, 255);\">S</span><span style=\"background-color: rgb(255, 255, 255);\">tack</span><span style=\"background-color: rgb(255, 255, 255);\"> process</span><span style=\"background-color: rgb(255, 255, 255);\">.</span><br>"}], "value": "NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a denial-of-service condition in the context of the Networking Stack process."}], "impacts": [{"capecId": "CAPEC-549", "descriptions": [{"lang": "en", "value": "CAPEC-549 Local Execution of Code"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "shortName": "blackberry", "dateUpdated": "2025-08-22T15:47:01.556Z"}, "references": [{"url": "https://support.blackberry.com/pkb/s/article/140162"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-08T18:35:30.013530Z", "id": "CVE-2024-35215", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T18:36:04.799Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35215", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-08T18:35:30.013530Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T18:35:48.183Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-549", "descriptions": [{"lang": "en", "value": "CAPEC-549 Local Execution of Code"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "BlackBerry", "product": "QNX Software Development Platform (SDP)", "versions": [{"status": "affected", "version": "7.0", "versionType": "custom", "lessThanOrEqual": "7.1"}], "defaultStatus": "unaffected"}], "datePublic": "2024-10-08T17:35:00.000Z", "references": [{"url": "https://support.blackberry.com/pkb/s/article/140162"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a denial-of-service condition in the context of the Networking Stack process.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">NULL pointer dereference in IP socket options processing of the Networking Stack </span><span style=\"background-color: rgb(255, 255, 255);\">in</span><span style=\"background-color: rgb(255, 255, 255);\"> QNX </span><span style=\"background-color: rgb(255, 255, 255);\">Software </span><span style=\"background-color: rgb(255, 255, 255);\">Development</span><span style=\"background-color: rgb(255, 255, 255);\"> Platform (</span><span style=\"background-color: rgb(255, 255, 255);\">SDP</span><span style=\"background-color: rgb(255, 255, 255);\">)</span><span style=\"background-color: rgb(255, 255, 255);\"> version(s) 7.</span><span style=\"background-color: rgb(255, 255, 255);\">1</span><span style=\"background-color: rgb(255, 255, 255);\"> and 7.</span><span style=\"background-color: rgb(255, 255, 255);\">0</span><span style=\"background-color: rgb(255, 255, 255);\"> could allow an attacker </span><span style=\"background-color: rgb(255, 255, 255);\">with local access</span><span style=\"background-color: rgb(255, 255, 255);\"> to cause a </span><span style=\"background-color: rgb(255, 255, 255);\">d</span><span style=\"background-color: rgb(255, 255, 255);\">enial-of-</span><span style=\"background-color: rgb(255, 255, 255);\">s</span><span style=\"background-color: rgb(255, 255, 255);\">ervice condition in the context of the </span><span style=\"background-color: rgb(255, 255, 255);\">N</span><span style=\"background-color: rgb(255, 255, 255);\">etworking </span><span style=\"background-color: rgb(255, 255, 255);\">S</span><span style=\"background-color: rgb(255, 255, 255);\">tack</span><span style=\"background-color: rgb(255, 255, 255);\"> process</span><span style=\"background-color: rgb(255, 255, 255);\">.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "shortName": "blackberry", "dateUpdated": "2025-08-22T15:47:01.556Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35215", "state": "PUBLISHED", "dateUpdated": "2025-08-22T15:47:01.556Z", "dateReserved": "2024-05-13T21:20:04.328Z", "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "datePublished": "2024-10-08T17:35:57.156Z", "assignerShortName": "blackberry"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "56E0D7BA-CF67-4DB3-8A02-122922CC8E3E", "versionEndExcluding": "8.0", "versionStartIncluding": "7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a denial-of-service condition in the context of the Networking Stack process."}, {"lang": "es", "value": "La desreferencia de puntero NULL en el procesamiento de opciones de socket IP de la pila de red en la plataforma de desarrollo de software (SDP) QNX versiones 7.1 y 7.0 podr\u00eda permitir que un atacante con acceso local provoque una condici\u00f3n de denegaci\u00f3n de servicio en el contexto del proceso de la pila de red."}], "id": "CVE-2024-35215", "lastModified": "2025-12-01T17:56:42.720", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "secure@blackberry.com", "type": "Secondary"}]}, "published": "2024-10-08T18:15:05.717", "references": [{"source": "secure@blackberry.com", "tags": ["Vendor Advisory"], "url": "https://support.blackberry.com/pkb/s/article/140162"}], "sourceIdentifier": "secure@blackberry.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "secure@blackberry.com", "type": "Secondary"}]}

{}

{}