Main Vulnerability Database Vulnerabilities #VU97022

Heap-based buffer overflow in Windows and Windows Server - CVE-2024-38045

Published: September 10, 2024

Vulnerability identifier: #VU97022

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2024-38045

CWE-ID: CWE-122

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Windows
Windows Server

Detailed vulnerability description

The vulnerability exists due to a boundary error within the Windows TCP/IP implementation when handling network packets. A remote attacker can send specially crafted traffic to the system, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system but requires that the NetNAT service is configured (not a default configuration).

How to mitigate CVE-2024-38045

Install updates from vendor's website.

Sources

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-38045

Heap-based buffer overflow in Windows and Windows Server - CVE-2024-38045

Detailed vulnerability description

How to mitigate CVE-2024-38045

Sources

Please verify you're human