CVE-2024-20136

CVSS 3.1 Score 6.2 of 10 (medium)

Details

Published Dec 2, 2024
CWE ID 125

Summary

CVE-2024-20136 is a newly disclosed cybersecurity vulnerability affecting the "in da" software. This issue involves a missing bounds check leading to a potential out-of-bounds read. Consequences of this vulnerability include local information disclosure, meaning sensitive data could be exposed. Importantly, no additional execution privileges or user interaction are required for an attacker to exploit this weakness. The patch for this vulnerability is identified as ALPS09121847, and the internal issue identifier is MSV-1821.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share