CVE-2024-35419
Published: 08 November 2024
Summary
CVE-2024-35419 is a medium-severity Classic Buffer Overflow (CWE-120) vulnerability in Kanaka Wac. Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 34.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-35322
Vulnerability details
wac commit 385e1 was discovered to contain a heap overflow via the load_module function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm file.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Heap buffer overflow in wac/wace load_module allows remote exploitation via crafted WASM file for client application code execution (T1203) or endpoint denial of service through application crash (T1499.004).
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.