CVE-2024-29195

Name of the Vulnerable Software and Affected Versions azure-c-shared-utility (affected versions not specified)

Description The azure-c-shared-utility library has a vulnerability related to the parameter checking mechanism, which can cause an integer wraparound, under-allocation, or heap buffer overflow. This issue can be exploited by an attacker to achieve remote code execution (RCE) by sending malformed payloads to devices via the IoT Hub service. The requirements for RCE include a compromised Azure account, exceeding the IoT Hub service's maximum message payload limit of 128KB, and the ability to overwrite code space with remote code. The buffer length parameter is exploited in the Azure C SDK.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.