CVE-2024-56317
HIGHMatter < 1.4.0.0 - Denial of Service via ACL Entry Decoding Failure
Title source: llmDescription
In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0, the WriteAcl function deletes all existing ACL entries first, and then attempts to recreate them based on user input. If input validation fails during decoding, the process stops, and no entries are restored by access-control-server.cpp, i.e., a denial of service.
References (1)
Core 1
Core References
Issue Tracking
https://github.com/project-chip/connectedhomeip/issues/36535
Scores
CVSS v3
7.5
EPSS
0.0036
EPSS Percentile
27.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-281
Status
published
Products (1)
Matter/Matter
< 1.4.0.0
Published
Dec 18, 2024
Tracked Since
Feb 18, 2026