Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-119k-7e76-jybz
SummaryMCUboot is a secure bootloader for 32-bits microcontrollers. MCUboot uses a TLV (tag-length-value) structure to represent the meta data associated with an image. The TLVs themselves are divided into two sections, a protected and an unprotected section. The protected TLV entries are included as part of the image signature to avoid tampering. However, the code does not distinguish which TLV entries should be protected or not, so it is possible for an attacker to add unprotected TLV entries that should be protected. Currently, the primary protected TLV entries should be the dependency indication, and the boot record. An injected dependency value would primarily result in an otherwise acceptable image being rejected. A boot record injection could allow fields in a later attestation record to include data not intended, which could cause an image to appear to have properties that it should not have. As a workaround, disable the boot record functionality.
Aliases
0
alias CVE-2024-32883
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-32883
reference_id
reference_type
scores
0
value 0.00039
scoring_system epss
scoring_elements 0.11716
published_at 2026-04-13T12:55:00Z
1
value 0.00039
scoring_system epss
scoring_elements 0.1178
published_at 2026-04-11T12:55:00Z
2
value 0.00039
scoring_system epss
scoring_elements 0.11741
published_at 2026-04-12T12:55:00Z
3
value 0.00039
scoring_system epss
scoring_elements 0.11797
published_at 2026-04-02T12:55:00Z
4
value 0.00039
scoring_system epss
scoring_elements 0.1184
published_at 2026-04-04T12:55:00Z
5
value 0.00039
scoring_system epss
scoring_elements 0.11629
published_at 2026-04-07T12:55:00Z
6
value 0.00039
scoring_system epss
scoring_elements 0.11713
published_at 2026-04-08T12:55:00Z
7
value 0.00039
scoring_system epss
scoring_elements 0.11768
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-32883
1
reference_url https://github.com/mcu-tools/mcuboot/security/advisories/GHSA-m59c-q9gq-rh2j
reference_id GHSA-m59c-q9gq-rh2j
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-30T15:26:00Z/
url https://github.com/mcu-tools/mcuboot/security/advisories/GHSA-m59c-q9gq-rh2j
Weaknesses
0
cwe_id 354
name Improper Validation of Integrity Check Value
description The product does not validate or incorrectly validates the integrity check values or checksums of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.
Exploits
Severity_range_score7.7 - 7.7
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-119k-7e76-jybz