Mullvad VPN client out of band write vulnerability [CVE-2024-55884]

December 12, 2024 Jason Davies 147 Views 0 Comments CVE-2024-55884, Cyber Security, Mullvad VPN 0 min read

CVE number – CVE-2024-55884

In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-beta1 (Android), the exception-handling alternate stack can be exhausted, leading to heap-based out-of-bounds writes in enable() in exception_logging/unix.rs, aka MLLVD-CR-24-01.

NOTE: achieving code execution is considered non-trivial.

Further details – https://x41-dsec.de/news/2024/12/11/mullvad/

Jason Davies

I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.

Mullvad VPN client out of band write vulnerability [CVE-2024-55884]

Like this:

Related Posts

Jason Davies

Leave a ReplyCancel reply

Share this:

Like this:

Related Posts

Jason Davies

Leave a ReplyCancel reply