{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-56317", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-01-02T19:14:41.253Z", "dateReserved": "2024-12-18T00:00:00", "datePublished": "2024-12-18T00:00:00"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Matter", "vendor": "Matter", "versions": [{"lessThanOrEqual": "1.4.0.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0, the WriteAcl function deletes all existing ACL entries first, and then attempts to recreate them based on user input. If input validation fails during decoding, the process stops, and no entries are restored by access-control-server.cpp, i.e., a denial of service."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-281", "description": "CWE-281 Improper Preservation of Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-12-18T23:12:42.400Z"}, "references": [{"url": "https://github.com/project-chip/connectedhomeip/issues/36535"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "enrichogram 0.0.1"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-02T19:14:11.501554Z", "id": "CVE-2024-56317", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-02T19:14:41.253Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-56317", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-02T19:14:11.501554Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-02T19:14:37.737Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Matter", "product": "Matter", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.4.0.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/project-chip/connectedhomeip/issues/36535"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0, the WriteAcl function deletes all existing ACL entries first, and then attempts to recreate them based on user input. If input validation fails during decoding, the process stops, and no entries are restored by access-control-server.cpp, i.e., a denial of service."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-281", "description": "CWE-281 Improper Preservation of Permissions"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-12-18T23:12:42.400Z"}}}, "cveMetadata": {"cveId": "CVE-2024-56317", "state": "PUBLISHED", "dateUpdated": "2025-01-02T19:14:41.253Z", "dateReserved": "2024-12-18T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-12-18T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0, the WriteAcl function deletes all existing ACL entries first, and then attempts to recreate them based on user input. If input validation fails during decoding, the process stops, and no entries are restored by access-control-server.cpp, i.e., a denial of service."}, {"lang": "es", "value": "En Matter (tambi\u00e9n conocido como connectedhomeip o Project CHIP) hasta la versi\u00f3n 1.4.0.0, la funci\u00f3n WriteAcl elimina primero todas las entradas de ACL existentes y luego intenta volver a crearlas en funci\u00f3n de la entrada del usuario. Si la validaci\u00f3n de la entrada falla durante la decodificaci\u00f3n, el proceso se detiene y access-control-server.cpp no restaura ninguna entrada, es decir, se produce una denegaci\u00f3n de servicio."}], "id": "CVE-2024-56317", "lastModified": "2025-01-02T20:16:06.723", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-12-18T23:15:18.023", "references": [{"source": "cve@mitre.org", "url": "https://github.com/project-chip/connectedhomeip/issues/36535"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-281"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{}