Home

Description

In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-beta1 (Android), the exception-handling alternate stack can be exhausted, leading to heap-based out-of-bounds writes in enable() in exception_logging/unix.rs, aka MLLVD-CR-24-01. NOTE: achieving code execution is considered non-trivial.

PUBLISHED Reserved 2024-12-11 | Published 2024-12-11 | Updated 2024-12-12 | Assigner mitre




CRITICAL: 9.0CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N

References

x41-dsec.de/news/2024/12/11/mullvad/

news.ycombinator.com/item?id=42390768

github.com/...ommit/ef6c862071b26023802b00d6e1dc6ca53d1ab3e6

cve.org (CVE-2024-55884)

nvd.nist.gov (CVE-2024-55884)

Download JSON