Modem Remote DoS via Error Handling Crash
CVE-2024-20076 Published on July 1, 2024

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01297806; Issue ID: MSV-1481.

NVD

Vulnerability Analysis

CVE-2024-20076 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
HIGH

Weakness Type

What is a Buffer Overflow Vulnerability?

The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

CVE-2024-20076 has been classified to as a Buffer Overflow vulnerability or weakness.


Products Associated with CVE-2024-20076

stack.watch emails you whenever new vulnerabilities are published in Google Android or MediaTek Lr12a. Just hit a watch button to start following.

Google Android
 
MediaTek Lr12a
 

Affected Versions

MediaTek, Inc. MT2731, MT6739, MT6761, MT6762, MT6763, MT6765, MT6767, MT6768, MT6769, MT6771, MT8666, MT8667, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788: mediatek mt2731: mediatek mt6739: mediatek mt6761: mediatek mt6762: mediatek mt6763: mediatek mt6765: mediatek mt6767: mediatek mt6768: mediatek mt6769: mediatek mt6771: mediatek mt8666: mediatek mt8667: mediatek mt8765: mediatek mt8766: mediatek mt8768: mediatek mt8781: mediatek mt8786: mediatek mt8788:

Exploit Probability

EPSS
2.92%
Percentile
86.21%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.