In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0, the WriteAcl function deletes all existing ACL entries first, and then attempts to recreate them based on user input. If input validation fails during decoding, the process stops, and no entries are restored by access-control-server.cpp, i.e., a denial of service.
History

Wed, 18 Dec 2024 23:15:00 +0000

Type Values Removed Values Added
Description In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0, the WriteAcl function deletes all existing ACL entries first, and then attempts to recreate them based on user input. If input validation fails during decoding, the process stops, and no entries are restored by access-control-server.cpp, i.e., a denial of service.
Weaknesses CWE-281
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-12-18T00:00:00

Updated: 2024-12-18T23:12:42.400Z

Reserved: 2024-12-18T00:00:00

Link: CVE-2024-56317

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2024-12-18T23:15:18.023

Modified: 2024-12-18T23:15:18.023

Link: CVE-2024-56317

cve-icon Redhat

No data.