PT-2024-20172 · Open Networking Foundation · Libfluid
Gabriele Quagliarella
·
Published
2024-09-18
·
Updated
2025-12-17
·
CVE-2024-23915
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
libfluid version 0.1.0
Description
The issue is related to an Unchecked Return Value to NULL Pointer Dereference vulnerability in the Open Networking Foundation (ONF) libfluid, specifically in the libfluid msg module. This vulnerability is associated with program routines fluid msg::of13::InstructionSet::unpack.
Recommendations
For libfluid version 0.1.0, as a temporary workaround, consider disabling the fluid msg::of13::InstructionSet::unpack routine until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Libfluid