PT-2024-36787 · Matter · Matter

Bob13-Matter · Published: 2024-12-18 · Updated: 2025-01-02 · CVE-2024-56318

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Matter (aka connectedhomeip or Project CHIP) versions 1.4.0.0 and earlier, before 27ca6ec

Description

The issue is related to a NULL pointer dereference in TCPBase::ProcessSingleMessage via TCP packets with zero messageSize, leading to denial of service. This occurs in the rawTCP.cpp file of the affected software.

Recommendations

For Matter (aka connectedhomeip or Project CHIP) versions 1.4.0.0 and earlier, before 27ca6ec, update to a version that includes the fix for the NULL pointer dereference issue in TCPBase::ProcessSingleMessage. As a temporary workaround, consider restricting the handling of TCP packets with zero messageSize to minimize the risk of exploitation.

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

CVE-2024-56318

Affected Products

Matter