Description
A vulnerability classified as critical has been found in emqx neuron up to 2.10.0. Affected is the function handle_add_plugin in the library cmd.library of the file plugins/restful/plugin_handle.c. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.
References (6)
https://vuldb.com/?id.283410 (Third Party Advisory; vdb-entry, technical-description)
https://vuldb.com/?ctiid.283410 (Permissions Required; signature, permissions-required)
https://vuldb.com/?submit.435372 (Third Party Advisory; third-party-advisory)
https://github.com/emqx/neuron/issues/2280 (Exploit, Issue Tracking, Third Party Advisory; issue-tracking)
https://github.com/emqx/neuron/pull/2286 (Patch; issue-tracking)
https://github.com/emqx/neuron/pull/2286/commits/3e3a583d72548af1740b3e61a5eab3b628cc439e (Patch; issue-tracking, patch)
Scores
CVSS v3: 6.3
EPSS: 0.0026
EPSS Percentile: 49.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-119, CWE-120
Status: published
Products (1): emqx/neuron < 2.10.0
Published: Nov 07, 2024
Tracked Since: Feb 18, 2026