What is CVE-2024-42484?

CVE-2024-42484 is a medium-severity vulnerability in Espressif Esp-now, classified under Out-of-bounds Read. CVSS score: 6.5/10. Published 2024-09-12.

How severe is CVE-2024-42484?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Out-of-bounds Read in Espressif Esp-now

CVE-2024-42484

ESP-NOW Component provides a connectionless Wi-Fi communication protocol. An Out-of-Bound (OOB) vulnerability was discovered in the implementation of the ESP-NOW group type message because there is no check for the addrs_num field of the g…

Vulnerability class: Buffer Overflow

EPSS: 0.001 (29.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L.

Affected products

Espressif Esp-now — versions < 2.5.2

Weakness classification (CWE)

CWE-125 — Out-of-bounds Read

References

https://github.com/espressif/esp-now/security/advisories/GHSA-q6f6-4qc5-vhx5 (x_refsource_CONFIRM)
https://github.com/espressif/esp-now/commit/b03a1b4593713fa4bf0038a87edca01f10114a7a (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-42484?: CVE-2024-42484 is a medium-severity vulnerability in Espressif Esp-now, classified under Out-of-bounds Read. CVSS score: 6.5/10. Published 2024-09-12.
How severe is CVE-2024-42484?: Medium severity. CVSS v3 base score is 6.5 out of 10.