7.8 CVE-2024-49138
CISA Kev Catalog Patch
Windows Common Log File System Driver Elevation of Privilege Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2024-49138
Categories
CWE-122 : Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). Fuzz testing (fuzzing) is a powerful technique for generating large numbers of diverse inputs - either randomly or algorithmically - and dynamically invoking the code with those inputs. Even with random inputs, it is often capable of generating unexpected results such as crashes, memory corruption, or resource consumption. Fuzzing effectively produces repeatable test cases that clearly indicate bugs, which helps developers to diagnose the issues. Pre-design: Use a language or compiler that performs automatic bounds checking. Use an abstraction library to abstract away risky APIs. Not a complete solution. Implement and perform bounds checking on input. Do not use dangerous functions such as gets. Look for their safe equivalent, which checks for the boundary. Use OS-level preventative functionality. This is not a complete solution, but it provides some defense in depth. Chain: in a web browser, an unsigned 64-bit integer is forcibly cast to a 32-bit integer (CWE-681) and potentially leading to an integer overflow (CWE-190). If an integer overflow occurs, this can cause heap memory corruption (CWE-122) Chain: integer signedness error (CWE-195) passes signed comparison, leading to heap overflow (CWE-122) Chain: product does not handle when an input string is not NULL terminated (CWE-170), leading to buffer over-read (CWE-125) or heap-based buffer overflow (CWE-122). Chain: machine-learning product can have a heap-basedbuffer overflow (CWE-122) when some integer-oriented bounds arecalculated by using ceiling() and floor() on floating point values(CWE-1339) Chain: integer overflow (CWE-190) causes a negative signed value, which later bypasses a maximum-only check (CWE-839), leading to heap-based buffer overflow (CWE-122).
CWE-NVD-noinfo
References
secure@microsoft.com Patch
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49138 Patch Vendor Advisory |
CPE
| cpe | start | end |
|---|---|---|
| Configuration 1 | ||
| cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:* | < 10.0.10240.20857 | |
| cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:* | < 10.0.10240.20857 | |
| cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* | < 10.0.14393.7606 | |
| cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* | < 10.0.14393.7606 | |
| cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* | < 10.0.17763.6659 | |
| cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* | < 10.0.17763.6659 | |
| cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* | < 10.0.19044.5247 | |
| cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* | < 10.0.19044.5247 | |
| cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* | < 10.0.19044.5247 | |
| cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* | < 10.0.19045.5247 | |
| cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* | < 10.0.19045.5247 | |
| cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* | < 10.0.19045.5247 | |
| cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:* | < 10.0.22621.4602 | |
| cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:* | < 10.0.22621.4602 | |
| cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* | < 10.0.22631.4602 | |
| cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* | < 10.0.22631.4602 | |
| cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* | < 10.0.26100.2605 | |
| cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* | < 10.0.26100.2605 | |
| cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:* | ||
| cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* | ||
| cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x64:* | ||
| cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* | < 10.0.14393.7606 | |
| cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* | < 10.0.17763.6659 | |
| cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* | < 10.0.20348.2966 | |
| cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* | < 10.0.25398.1308 | |
| cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* | < 10.0.26100.2605 | |
REMEDIATION
Patch
| Url |
|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49138 |
EXPLOITS
Exploit-db.com
| id | description | date | |
|---|---|---|---|
| No known exploits | |||
POC Github
| Url |
|---|
| No known exploits |
Other Nist (github, ...)
| Url |
|---|
| No known exploits |
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| 92 | Forced Integer Overflow |
High |
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.
