How severe is CVE-2024-38373?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2024-38373?

This is classified as CWE-126, which is a common weakness in software security.

CVE-2024-38373 - HIGH Severity | CVSS 8.1

Vulnerability Description

FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the actual domain name length, could cause the parser to read beyond the DNS response buffer. This issue affects applications using DNS functionality of the FreeRTOS-Plus-TCP stack. Applications that do not use DNS functionality are not affected, even when the DNS functionality is enabled. This vulnerability has been patched in version 4.1.1.

Related Vulnerabilities

CVE-2024-23359

HIGH

CVSS:8.2(High)

Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.

CWE-1262024

CVE-2024-33064

HIGH

CVSS:8.2(High)

Information disclosure while parsing the multiple MBSSID IEs from the beacon.

CWE-1262024

CVE-2024-33073

HIGH

CVSS:8.2(High)

Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.

CWE-1262024

CVE-2024-45552

HIGH

CVSS:8.2(High)

Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t adhere to RFC standards.

CWE-1262024

CVE-2018-5852

HIGH

CVSS:7.8(High)

An unsigned integer underflow vulnerability in IPA driver result into a buffer over-read while reading NAT entry using debugfs command 'cat /sys/kernel/debug/ipa/ip4_nat'

CWE-1262018

CVE-2020-35511

HIGH

CVSS:7.8(High)

A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file.

CWE-1262020