CVE-2024-55884 CRITICAL

Vendor N/A
Product n/a
Published December 11, 2024
Last update December 12, 2024

CVSS base score

9.0/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N

What the vulnerability does

01 Description

In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-beta1 (Android), the exception-handling alternate stack can be exhausted, leading to heap-based out-of-bounds writes in enable() in exception_logging/unix.rs, aka MLLVD-CR-24-01. NOTE: achieving code execution is considered non-trivial.

Key dates

02 Disclosure timeline

December 11, 2024 CVE published
December 12, 2024 Record updated