PT-2024-36786 · Matter · Matter

Bob13-Matter · Published 2024-12-18 · Updated 2025-01-02 · CVE-2024-56317

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Matter (also known as connectedhomeip or Project CHIP) versions 1.4.0.0 and earlier

Description

The issue concerns the WriteAcl function, which first deletes all existing ACL entries and then attempts to recreate them based on user input. If input validation fails during decoding, the process stops, and no entries are restored, resulting in a denial of service.

Recommendations

For Matter versions 1.4.0.0 and earlier, as a temporary workaround, consider disabling the WriteAcl function until a patch is available. Restrict access to the access-control-server.cpp module to minimize the risk of exploitation. Avoid using the WriteAcl function in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
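
The delete-then-recreate pattern from the description, next to a validate-then-commit form, as an added example that is not Matter's code and not part of the original advisory. It is a simplified model: the types, function names and the 1..5 privilege rule are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <vector>
// Simplified model; every name below is hypothetical, not from the Matter SDK.
struct Entry    { uint8_t privilege; uint64_t subject; };
struct RawEntry { int privilege; uint64_t subject; };   // undecoded request data

// Constructed validation rule: privilege must be in 1..5.
bool decode(const RawEntry& raw, Entry& out) {
    if (raw.privilege < 1 || raw.privilege > 5) return false;
    out = Entry{static_cast<uint8_t>(raw.privilege), raw.subject};
    return true;
}

// Pattern from the description: delete all entries, then rebuild from input.
bool write_acl_delete_first(std::vector<Entry>& acl, const std::vector<RawEntry>& in) {
    acl.clear();
    for (const RawEntry& raw : in) {
        Entry e{};
        if (!decode(raw, e)) return false;   // early exit, old entries already gone
        acl.push_back(e);
    }
    return true;
}

// Hardened form: decode into a staging list, replace the live ACL only on success.
bool write_acl_validate_first(std::vector<Entry>& acl, const std::vector<RawEntry>& in) {
    std::vector<Entry> staged;
    for (const RawEntry& raw : in) {
        Entry e{};
        if (!decode(raw, e)) return false;   // live ACL untouched
        staged.push_back(e);
    }
    acl.swap(staged);
    return true;
}

// Entries left after a write whose first entry fails validation (constructed data).
std::size_t surviving_entries(bool hardened) {
    std::vector<Entry> acl = {{5, 0x1001}, {3, 0x1002}};
    std::vector<RawEntry> in = {{99, 0x1003}, {5, 0x1001}};
    (hardened ? write_acl_validate_first : write_acl_delete_first)(acl, in);
    return acl.size();
}

int main() {
    std::cout << surviving_entries(false) << " vs " << surviving_entries(true) << " entries left\n";
}
```

In this model the delete-first write leaves the list empty after the rejected request, while the validate-first write keeps both original entries.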

Weakness Enumeration

Improper Preservation of Permissions

Related Identifiers

CVE-2024-56317

Affected Products

Matter