CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-40674: In validateSsid of WifiConfigurationUtil.java, there is a possible way to overflow a system configuration file due to a logic error in the code....

Description

In validateSsid of WifiConfigurationUtil.java, there is a possible way to overflow a system configuration file due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Classification

CVE ID: CVE-2024-40674

Affected Products

Vendor: Google

Product: Android

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.77% (scored less or equal to compared to others)

EPSS Date: 2025-02-27 (when was this score calculated)

References

https://android.googlesource.com/platform/packages/modules/Wifi/+/debc548ac085ba1ab0582172b97d965e9a1ea43a
https://source.android.com/security/bulletin/2024-10-01

Timeline

2025-01-29 10:30:03 UTC
CVE

In validateSsid of WifiConfigurationUtil.java, there is a possible way to overflow a system configuration file due to a logic error in the code....