DoS via crafted NAS packet in Magma <=1.8.0 decode_linked_ti_ie
CVE-2024-24420 Published on January 21, 2025

A reachable assertion in the decode_linked_ti_ie function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.

NVD

Vulnerability Analysis

CVE-2024-24420 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
HIGH

Weakness Type

What is an assertion failure Vulnerability?

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

CVE-2024-24420 has been classified to as an assertion failure vulnerability or weakness.


Products Associated with CVE-2024-24420

Want to know whenever a new CVE is published for Linux Foundation Magma? stack.watch will email you.

Linux Foundation Magma
 

Exploit Probability

EPSS
0.15%
Percentile
34.74%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.