CVE-2025-24797
Published: 04/15/2025 00:15:14
Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not require authentication or user interaction, as long as the target device rebroadcasts packets on the default channel. This vulnerability fixed in 2.6.2.
CRITICAL
CVSS v3: 9.4
CVSS v3: 9.4
Status
| DocFilters Release | Package | State | Justification | Comment |
|---|---|---|---|---|
| 0.0.0.1 | protobuf (3.0.0) | Needs Triage | ||
| 25.2 | protobuf (3.0.0) | False Positive | Code Not Present | Issue is in the Meshtastic project, and not in the protobuf library itself. Document Filters does not use Meshtastic code. |
| 25.1.1 | protobuf (3.0.0) | False Positive | Code Not Present | Issue is in the Meshtastic project, and not in the protobuf library itself. Document Filters does not use Meshtastic code. |
| 25.1 | protobuf (3.0.0) | Needs Triage | ||
| 24.4 | protobuf (3.0.0) | Needs Triage | ||
| 24.4.0 | protobuf (3.0.0) | Needs Triage | ||
| 24.3 | protobuf (3.0.0) | Needs Triage | ||
| 24.2.1 | protobuf (3.0.0) | Needs Triage | ||
| 24.2 | protobuf (3.0.0) | Needs Triage | ||
| 24.1 | protobuf (3.0.0) | Needs Triage | ||
| 23.3 | protobuf (3.0.0) | Needs Triage | ||
| 23.2.1 | protobuf (3.0.0) | Needs Triage | ||
| 23.2 | protobuf (3.0.0) | Needs Triage | ||
| 23.1 | protobuf (3.0.0) | Needs Triage | ||
| 22.4 | protobuf (3.0.0) | Needs Triage | ||
| 22.3 | protobuf (3.0.0) | Needs Triage | ||
| 22.2 | protobuf (3.0.0) | Needs Triage | ||
| 22.1 | protobuf (3.0.0) | Needs Triage | ||
| 21.11.1 | protobuf (3.0.0) | Needs Triage | ||
| 21.11 | protobuf (3.0.0) | Needs Triage | ||
| 21.8.1 | protobuf (3.0.0) | Needs Triage | ||
| 21.8 | protobuf (3.0.0) | Needs Triage | ||
| 21.5.1 | protobuf (3.0.0) | Needs Triage | ||
| 21.5.0 | protobuf (3.0.0) | Needs Triage | ||
| 21.2.0 | protobuf (3.0.0) | Needs Triage | ||
| 11.4.20 | protobuf (3.0.0) | Needs Triage | ||
| 11.4.19.3667 | protobuf (3.0.0) | Needs Triage | ||
| 11.4.18.3599 | protobuf (3.0.0) | Needs Triage | ||
| 11.4.17 | protobuf (3.0.0) | Needs Triage | ||
| 11.4.16.3445 | protobuf (3.0.0) | Needs Triage | ||
| 11.4.15.3368 | protobuf (3.0.0) | Needs Triage | ||
| 11.4.14.3263 | protobuf (3.0.0) | Needs Triage | ||
| 11.4.13.3179 | protobuf (3.0.0) | Needs Triage | ||
| 11.4.12.3054 | protobuf (3.0.0) | Needs Triage | ||
| 11.4.11.3040 | protobuf (3.0.0) | Needs Triage | ||
| 11.4.11.2990 | protobuf (3.0.0) | Needs Triage | ||
| 11.4.10.2934 | protobuf (3.0.0) | Needs Triage | ||
| 11.4.9.2878 | protobuf (3.0.0) | Needs Triage | ||
| 11.4.8.2822 | protobuf (3.0.0) | Needs Triage |
Severity score breakdown
Attack Complexity
LOW
Attack Vector
NETWORK
Availability Impact
HIGH
Base Score
9.4
Base Severity
CRITICAL
Confidentiality Impact
HIGH
Integrity Impact
LOW
Privileges Required
NONE
Scope
UNCHANGED
User Interaction
NONE
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
Version
3.1