CVE-2024-55884

Name of the Vulnerable Software and Affected Versions Mullvad VPN client versions 2024.6 (Desktop) through 2024.8 (iOS) Mullvad VPN client version 2024.8-beta1 (Android)

Description The exception-handling alternate stack in the Mullvad VPN client can be exhausted, leading to heap-based out-of-bounds writes in enable() in exception logging/unix.rs. Achieving code execution is considered non-trivial. This issue may allow an attacker to cause a denial of service.

Recommendations For Mullvad VPN client version 2024.6 (Desktop), update to a version that fixes the issue. For Mullvad VPN client version 2024.8 (iOS), update to a version that fixes the issue. For Mullvad VPN client version 2024.8-beta1 (Android), update to a version that fixes the issue. As a temporary workaround, consider disabling the enable() function in exception logging/unix.rs until a patch is available.