CVE-2024-20116

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Published Dec 2, 2024
CWE ID 125

Summary

CVE-2024-20116 is a newly disclosed vulnerability affecting the cmdq component. The issue is a missing bounds check that results in a possible out-of-bounds read. The vulnerability could lead to local information disclosure and, in some cases, even system execution, which requires privilege escalation. No user interaction is needed for an attacker to exploit this flaw. The patch ID for mitigation is ALPS09057438, and the internal reference is MSV-1696.
