What the vulnerability does

01Description

In raw\TCP.cpp in Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before 27ca6ec, there is a NULL pointer dereference in TCPBase::ProcessSingleMessage via TCP packets with zero messageSize, leading to denial of service.

Key dates

02Disclosure timeline

December 18, 2024 CVE published
January 2, 2025 Record updated