PT-2024-38380 · Microchip Technology · Microchip Advanced Software Framework

Andrue Coombes +1 · Published 2024-08-08 · Updated 2025-09-29 · CVE-2024-7490

CVSS v3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Microchip Advanced Software Framework versions through 3.52.0.2574

Description
The issue is an Improper Input Validation vulnerability in the Microchip Technology Advanced Software Framework example DHCP server, which can cause remote code execution through a buffer overflow. The vulnerability is associated with the program file tinydhcpserver.C and the program routine lwip_dhcp_find_option. The vulnerability could be widespread, impacting Advanced Software Framework versions 3.52.0.2574 and earlier.

Recommendations
Apply the provided workaround or migrate to an actively maintained framework, as the Advanced Software Framework is no longer being supported. As a temporary workaround, consider disabling the lwip_dhcp_find_option routine until a patch is available. Restrict access to the vulnerable tinydhcpserver.C file to minimize the risk of exploitation. Avoid using the vulnerable DHCP server implementation in the Advanced Software Framework until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
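
For teams that must keep a DHCP server in firmware, the input validation an option-lookup routine needs looks like the following. This is an added example, not ASF code and not a vendor patch; the function names and sample bytes are hypothetical, and it assumes only the RFC 2132 option layout (code byte, length byte, value).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DHCP_OPT_PAD 0u    /* single byte, no length field (RFC 2132) */
#define DHCP_OPT_END 255u  /* single byte, terminates the options area */

/* Hypothetical helper, not ASF code: find option `code` in opts[0..len).
 * Returns the value pointer and sets *vlen, or NULL if absent or malformed. */
static const uint8_t *find_option_checked(const uint8_t *opts, size_t len,
                                          uint8_t code, uint8_t *vlen)
{
    size_t i = 0;
    while (i < len) {
        uint8_t c = opts[i];
        if (c == DHCP_OPT_END) return NULL;
        if (c == DHCP_OPT_PAD) { i++; continue; }
        if (len - i < 2) return NULL;             /* length byte is missing */
        uint8_t l = opts[i + 1];
        if ((size_t)l > len - i - 2) return NULL; /* value overruns packet */
        if (c == code) { *vlen = l; return &opts[i + 2]; }
        i += 2u + (size_t)l;
    }
    return NULL;
}

/* Copy an option value into a fixed-size buffer; reject instead of truncating.
 * Returns the value length, -1 if absent/malformed, -2 if it does not fit. */
static int copy_option(const uint8_t *opts, size_t len, uint8_t code,
                       uint8_t *dst, size_t dst_size)
{
    uint8_t vlen = 0;
    const uint8_t *v = find_option_checked(opts, len, code, &vlen);
    if (v == NULL) return -1;
    if ((size_t)vlen > dst_size) return -2;
    memcpy(dst, v, vlen);
    return (int)vlen;
}

/* Constructed sample option areas (not captured traffic). */
static const uint8_t sample_ok[]  = {53, 1, 1, 0, 50, 4, 192, 168, 1, 10, 255};
static const uint8_t sample_bad[] = {53, 1, 1, 50, 200, 192, 168, 1, 10};
static uint8_t demo_dst[4];

int main(void)
{
    int ok  = copy_option(sample_ok, sizeof sample_ok, 50, demo_dst, sizeof demo_dst);
    int bad = copy_option(sample_bad, sizeof sample_bad, 50, demo_dst, sizeof demo_dst);
    return (ok == 4 && bad == -1) ? 0 : 1;
}
```

The two checks that matter are the declared length against the bytes remaining in the packet and the declared length against the destination size; both fail closed.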

RCE · Buffer Overflow

Weakness Enumeration

Related Identifiers: CVE-2024-7490

Affected Products: Microchip Advanced Software Framework