How severe is CVE-2024-5268?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2024-5268?

This is classified as CWE-125, which is a common weakness in software security.

CVE-2024-5268

MEDIUM Year: 2024

CVSS v3 Score

4.3

Medium

Weakness Type

CWE-125

View all →

Vulnerability Description

Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SMB2 messages. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-22428.

CVE-2016-10208

MEDIUM

CVSS:4.3(Medium)

The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service...

CWE-1252016

CVE-2017-17182

MEDIUM

CVSS:4.3(Medium)

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R...

CWE-1252017

CVE-2017-17185

MEDIUM

CVSS:4.3(Medium)

CWE-1252017

CVE-2017-17281

MEDIUM

CVSS:4.3(Medium)

SFTP module in Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V60...

CWE-1252017

CVE-2018-16427

MEDIUM

CVSS:4.3(Medium)

Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.

CWE-1252018

CVE-2018-16866

MEDIUM

CVSS:4.3(Medium)

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions...

CWE-1252018

CVE-2024-5268

Vulnerability Description

Related Vulnerabilities

CVE-2016-10208

CVE-2017-17182

CVE-2017-17185

CVE-2017-17281

CVE-2018-16427

CVE-2018-16866