CVE-2024-42284

tipc: Return non-zero value from tipc_udp_addr2str() on error

Description

In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from tipc_udp_addr2str() on error tipc_udp_addr2str() should return non-zero value if the UDP media address is invalid. Otherwise, a buffer overflow access can occur in tipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP media address.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/7ec3335dd89c8d169e9650e4bac64fde71fdf15b patch
https://git.kernel.org/stable/c/253405541be2f15ffebdeac2f4cf4b7e9144d12f patch
https://git.kernel.org/stable/c/aa38bf74899de07cf70b50cd17f8ad45fb6654c8 patch
https://git.kernel.org/stable/c/5eea127675450583680c8170358bcba43227bd69 patch
https://git.kernel.org/stable/c/728734352743a78b4c5a7285b282127696a4a813 patch
https://git.kernel.org/stable/c/76ddf84a52f0d8ec3f5db6ccce08faf202a17d28 patch
https://git.kernel.org/stable/c/2abe350db1aa599eeebc6892237d0bce0f1de62a patch
https://git.kernel.org/stable/c/fa96c6baef1b5385e2f0c0677b32b3839e716076 patch

Frequently Asked Questions

What is the severity of CVE-2024-42284?
CVE-2024-42284 has been scored as a high severity vulnerability.
How to fix CVE-2024-42284?
To fix CVE-2024-42284, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-42284 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-42284 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-42284?
CVE-2024-42284 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.