CVE-2024-29195

CVSS 3.1 Score 6.0 of 10 (medium)

Details

Published Mar 26, 2024
CWE ID 120

Summary

CVE-2024-29195 is a medium-severity vulnerability found in the azure-c-shared-utility library, which is used for AMQP/MQTT communication with Azure Cloud Services. This vulnerability can be exploited by an attacker to cause an integer wraparound or under-allocation or heap buffer overflow by manipulating the buffer length parameter in Azure C SDK. The exploitation of this vulnerability may lead to remote code execution. To successfully exploit this vulnerability, the attacker would need a compromised Azure account, the ability to send malformed payloads via IoT Hub service, and the ability to overwrite code space with remote code. The vulnerability has been fixed in a specific commit on GitHub.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-29195 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options