CVE-2024-24736

Name of the Vulnerable Software and Affected Versions YahooPOPs version 1.6 Silicon Labs Gecko OS (affected versions not specified)

Description The issue allows for a remote denial of service or remote code execution via specific requests to the affected service. For YahooPOPs, this can be achieved by sending a long string to TCP port 110. In the case of Silicon Labs Gecko OS, the vulnerability is related to stack-based buffer overflow in HTTP request handling.

Recommendations For YahooPOPs version 1.6, consider restricting access to TCP port 110 to minimize the risk of exploitation. For Silicon Labs Gecko OS, as a temporary workaround, consider disabling HTTP request handling until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.