Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-52924

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-06 Mar, 2025 | 00:00
Updated At-07 Mar, 2025 | 19:51
Rejected At-
Credits

An issue was discovered in NRMM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Lack of boundary check during the decoding of Registration Accept messages can lead to out-of-bounds writes on the stack

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:06 Mar, 2025 | 00:00
Updated At:07 Mar, 2025 | 19:51
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered in NRMM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Lack of boundary check during the decoding of Registration Accept messages can lead to out-of-bounds writes on the stack

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://semiconductor.samsung.com/support/quality-support/product-security-updates/
N/A
Hyperlink: https://semiconductor.samsung.com/support/quality-support/product-security-updates/
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-121CWE-121 Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-121
Description: CWE-121 Stack-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:06 Mar, 2025 | 18:15
Updated At:01 Jul, 2025 | 15:01

An issue was discovered in NRMM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Lack of boundary check during the decoding of Registration Accept messages can lead to out-of-bounds writes on the stack

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Samsung
samsung
>>exynos_9820_firmware>>-
cpe:2.3:o:samsung:exynos_9820_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_9820>>-
cpe:2.3:h:samsung:exynos_9820:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_9825_firmware>>-
cpe:2.3:o:samsung:exynos_9825_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_9825>>-
cpe:2.3:h:samsung:exynos_9825:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_980_firmware>>-
cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_980>>-
cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_990_firmware>>-
cpe:2.3:o:samsung:exynos_990_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_990>>-
cpe:2.3:h:samsung:exynos_990:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_850_firmware>>-
cpe:2.3:o:samsung:exynos_850_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_850>>-
cpe:2.3:h:samsung:exynos_850:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1080_firmware>>-
cpe:2.3:o:samsung:exynos_1080_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1080>>-
cpe:2.3:h:samsung:exynos_1080:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_2100_firmware>>-
cpe:2.3:o:samsung:exynos_2100_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_2100>>-
cpe:2.3:h:samsung:exynos_2100:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1280_firmware>>-
cpe:2.3:o:samsung:exynos_1280_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1280>>-
cpe:2.3:h:samsung:exynos_1280:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_2200_firmware>>-
cpe:2.3:o:samsung:exynos_2200_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_2200>>-
cpe:2.3:h:samsung:exynos_2200:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1330_firmware>>-
cpe:2.3:o:samsung:exynos_1330_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1330>>-
cpe:2.3:h:samsung:exynos_1330:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1380_firmware>>-
cpe:2.3:o:samsung:exynos_1380_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1380>>-
cpe:2.3:h:samsung:exynos_1380:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1480_firmware>>-
cpe:2.3:o:samsung:exynos_1480_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1480>>-
cpe:2.3:h:samsung:exynos_1480:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_2400_firmware>>-
cpe:2.3:o:samsung:exynos_2400_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_2400>>-
cpe:2.3:h:samsung:exynos_2400:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_9110_firmware>>-
cpe:2.3:o:samsung:exynos_9110_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_9110>>-
cpe:2.3:h:samsung:exynos_9110:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_w920_firmware>>-
cpe:2.3:o:samsung:exynos_w920_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_w920>>-
cpe:2.3:h:samsung:exynos_w920:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_w930_firmware>>-
cpe:2.3:o:samsung:exynos_w930_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_w930>>-
cpe:2.3:h:samsung:exynos_w930:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_w1000_firmware>>-
cpe:2.3:o:samsung:exynos_w1000_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_w1000>>-
cpe:2.3:h:samsung:exynos_w1000:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_modem_5123_firmware>>-
cpe:2.3:o:samsung:exynos_modem_5123_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_modem_5123>>-
cpe:2.3:h:samsung:exynos_modem_5123:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_modem_5300_firmware>>-
cpe:2.3:o:samsung:exynos_modem_5300_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_modem_5300>>-
cpe:2.3:h:samsung:exynos_modem_5300:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_modem_5400_firmware>>-
cpe:2.3:o:samsung:exynos_modem_5400_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_modem_5400>>-
cpe:2.3:h:samsung:exynos_modem_5400:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-121Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-121
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve@mitre.org
Vendor Advisory
Hyperlink: https://semiconductor.samsung.com/support/quality-support/product-security-updates/
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

158Records found
CVE-2024-58116
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-4||MEDIUM
EPSS-0.03% / 6.45%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 03:40
Updated-07 May, 2025 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-57440
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 15.24%
||
7 Day CHG+0.01%
Published-20 Mar, 2025 | 00:00
Updated-15 Apr, 2025 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DSL-3788 revA1 1.01R1B036_EU_EN is vulnerable to Buffer Overflow via the COMM_MAKECustomMsg function of the webproc cgi

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dsl-3788dsl-3788_firmwaren/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-13903
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 41.85%
||
7 Day CHG+0.06%
Published-21 Mar, 2025 | 07:00
Updated-24 Mar, 2025 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
quickjs-ng QuickJS qjs quickjs.c JS_GetRuntime stack-based overflow

A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. It has been declared as problematic. Affected by this vulnerability is the function JS_GetRuntime of the file quickjs.c of the component qjs. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. Upgrading to version 0.9.0 is able to address this issue. The patch is named 99c02eb45170775a9a679c32b45dd4000ea67aff. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-quickjs-ngquickjs-ng
Product-quickjsQuickJS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-42982
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 43.82%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 00:00
Updated-16 Aug, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-fh1206_firmwarefh1206n/afh1206_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-49828
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 13.69%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 19:04
Updated-17 Aug, 2025 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 for Linux, UNIX and Windows denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-49350
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.59%
||
7 Day CHG~0.00%
Published-29 May, 2025 | 19:18
Updated-26 Aug, 2025 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-42946
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.82%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 00:00
Updated-16 Aug, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-fh1201_firmwarefh1201n/afh1201_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1573
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.18% / 40.29%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 18:55
Updated-06 Nov, 2024 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerability

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-adaptive_security_appliancefirepower_threat_defenseadaptive_security_appliance_softwareCisco Firepower Threat Defense SoftwareCisco Adaptive Security Appliance Software
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-121
Stack-based Buffer Overflow
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found