CVE-2024-55884

CVSS 3.1 Score 9.0 of 10 (high)

Details

Published Dec 12, 2024
CWE ID 787

Summary

CVE-2024-55884 is a vulnerability affecting Mullvad VPN clients, specifically versions 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-beta1 (Android). The issue involves exhaustion of the exception-handling alternate stack, resulting in heap-based out-of-bounds writes in the 'enable()' function of 'unix.rs'. This condition can lead to potential security vulnerabilities, with MLLVD-CR-24-01 being the associated identifier for this issue. However, it's important to note that exploiting this vulnerability for code execution is considered non-trivial.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share