CVE-2024-55884

Published Dec 12, 2024

Last updated 6 days ago

Overview

Description
In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-beta1 (Android), the exception-handling alternate stack can be exhausted, leading to heap-based out-of-bounds writes in enable() in exception_logging/unix.rs, aka MLLVD-CR-24-01. NOTE: achieving code execution is considered non-trivial.
Source: cve@mitre.org
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9
Impact score: 6
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-787

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 2

  1. The CVE-2024-55884 vulnerability is a critical security flaw in Mullvad VPN, rated CVSS 9.0, indicating severe risk. The flaw could allow attackers to execute malicious payloads or gain unauthorized access, primarily affecting the desktop applications. https://t.co/qkXySn0IKq… h

    @xcyberfeed, 16 Dec 2024

    17 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  2. CVE-2024-55884 (CVSS 9.0): Critical Vulnerability Found in Mullvad VPN https://t.co/29eoYgozUK

    @Dinosn, 16 Dec 2024

    3495 Impressions, 17 Retweets, 27 Likes, 8 Bookmarks, 0 Replies, 2 Quotes

  3. 🚨🚨CVE-2024-55884 (CVSS: 9.0) : Critical Vulnerability Found in Mullvad VPN ⚠️In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-beta1 (Android), the exception-handling alternate stack can be exhausted, leading to heap-based out-of-bounds writes in enable() in…

    @zoomeye_team, 16 Dec 2024

    2252 Impressions, 5 Retweets, 24 Likes, 3 Bookmarks, 1 Reply, 1 Quote

  4. CVE-2024-55884 In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-beta1 (Android), the exception-handling alternate stack can be exhausted, leading to heap-based o… https://t.co/oJThh9MtFP

    @CVEnew, 15 Dec 2024

    582 Impressions, 2 Retweets, 2 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  5. [CVE-2024-55884: CRITICAL] Mullvad VPN client versions 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-beta1 (Android) are vulnerable to out-of-bounds writes, posing cyber security risks. Opinions divide on ease of co...#cybersecurity,#vulnerability https://t.co/maiuOlAcTJ https://t.c

    @CveFindCom, 11 Dec 2024

    68 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes