CVE-2025-24797

Published: 04/15/2025 00:15:14
Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not require authentication or user interaction, as long as the target device rebroadcasts packets on the default channel. This vulnerability fixed in 2.6.2.
CRITICAL
CVSS v3: 9.4

Status

DocFilters Release Package State Justification Comment
0.0.0.1 protobuf (3.0.0) Needs Triage
25.2 protobuf (3.0.0) False Positive Code Not Present Issue is in the Meshtastic project, and not in the protobuf library itself. Document Filters does not use Meshtastic code.
25.1.1 protobuf (3.0.0) False Positive Code Not Present Issue is in the Meshtastic project, and not in the protobuf library itself. Document Filters does not use Meshtastic code.
25.1 protobuf (3.0.0) Needs Triage
24.4 protobuf (3.0.0) Needs Triage
24.4.0 protobuf (3.0.0) Needs Triage
24.3 protobuf (3.0.0) Needs Triage
24.2.1 protobuf (3.0.0) Needs Triage
24.2 protobuf (3.0.0) Needs Triage
24.1 protobuf (3.0.0) Needs Triage
23.3 protobuf (3.0.0) Needs Triage
23.2.1 protobuf (3.0.0) Needs Triage
23.2 protobuf (3.0.0) Needs Triage
23.1 protobuf (3.0.0) Needs Triage
22.4 protobuf (3.0.0) Needs Triage
22.3 protobuf (3.0.0) Needs Triage
22.2 protobuf (3.0.0) Needs Triage
22.1 protobuf (3.0.0) Needs Triage
21.11.1 protobuf (3.0.0) Needs Triage
21.11 protobuf (3.0.0) Needs Triage
21.8.1 protobuf (3.0.0) Needs Triage
21.8 protobuf (3.0.0) Needs Triage
21.5.1 protobuf (3.0.0) Needs Triage
21.5.0 protobuf (3.0.0) Needs Triage
21.2.0 protobuf (3.0.0) Needs Triage
11.4.20 protobuf (3.0.0) Needs Triage
11.4.19.3667 protobuf (3.0.0) Needs Triage
11.4.18.3599 protobuf (3.0.0) Needs Triage
11.4.17 protobuf (3.0.0) Needs Triage
11.4.16.3445 protobuf (3.0.0) Needs Triage
11.4.15.3368 protobuf (3.0.0) Needs Triage
11.4.14.3263 protobuf (3.0.0) Needs Triage
11.4.13.3179 protobuf (3.0.0) Needs Triage
11.4.12.3054 protobuf (3.0.0) Needs Triage
11.4.11.3040 protobuf (3.0.0) Needs Triage
11.4.11.2990 protobuf (3.0.0) Needs Triage
11.4.10.2934 protobuf (3.0.0) Needs Triage
11.4.9.2878 protobuf (3.0.0) Needs Triage
11.4.8.2822 protobuf (3.0.0) Needs Triage

Severity score breakdown

Attack Complexity
LOW
Attack Vector
NETWORK
Availability Impact
HIGH
Base Score
9.4
Base Severity
CRITICAL
Confidentiality Impact
HIGH
Integrity Impact
LOW
Privileges Required
NONE
Scope
UNCHANGED
User Interaction
NONE
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
Version
3.1

References