In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-beta1 (Android), the exception-handling alternate stack can be exhausted, leading to heap-based out-of-bounds writes in enable() in exception_logging/unix.rs, aka MLLVD-CR-24-01. NOTE: achieving code execution is considered non-trivial.
Metrics
Affected Vendors & Products
References
History
Thu, 12 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-787 | |
Metrics |
ssvc
|
Wed, 11 Dec 2024 21:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-beta1 (Android), the exception-handling alternate stack can be exhausted, leading to heap-based out-of-bounds writes in enable() in exception_logging/unix.rs, aka MLLVD-CR-24-01. NOTE: achieving code execution is considered non-trivial. | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-12-11T00:00:00
Updated: 2024-12-12T16:15:58.368Z
Reserved: 2024-12-11T00:00:00
Link: CVE-2024-55884
Vulnrichment
Updated: 2024-12-12T16:15:53.410Z
NVD
Status : Awaiting Analysis
Published: 2024-12-12T02:08:23.127
Modified: 2024-12-12T17:15:11.710
Link: CVE-2024-55884
Redhat
No data.