CVE-2024-20097

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Published Oct 7, 2024

Updated: Oct 27, 2024

CWE ID 125

Summary

CVE-2024-20097 is a new vulnerability affecting the vdec component. This issue involves a missing bounds check, resulting in a potential out-of-bounds read. The consequences of this vulnerability can lead to local information disclosure, requiring System execution privileges. Notably, user interaction is not required for an attacker to exploit this flaw. The patch ID for addressing this issue is ALPS09028313, and it is identified as MSV-1630 in Microsoft's vulnerability database.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/zRVuvR
https://www.cve.org/CVERecord?id=CVE-2024-20097
https://nvd.nist.gov/vuln/detail/CVE-2024-20097

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Submarine Cables Face Increasing Threats Amid Geopolitical Tensions and Limited Repair Capacity

US Violent Extremists Likely Shifting Focus to Targeted Physical Threats in 2025

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Know What Matters

For Customers

For Partners

CVE-2024-20097

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations