CVE-2024-10395

8.6 HIGH

📋 TL;DR

This vulnerability in Zephyr RTOS's HTTP server allows buffer overflow attacks due to improper input length validation when processing file extensions. Attackers can exploit this to execute arbitrary code or crash affected devices. Systems running vulnerable Zephyr versions with HTTP server functionality are affected.

💻 Affected Systems

Products:
  • Zephyr RTOS
Versions: All versions before the fix (check the vendor advisory for the exact range)
Operating Systems: Zephyr RTOS on various embedded platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with HTTP server functionality enabled and exposed

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete device compromise, data theft, or device takeover

🟠 Likely Case: Denial of service causing device crashes or instability

🟢 If Mitigated: Limited impact with proper input validation and memory protection mechanisms

🌐 Internet-Facing: HIGH - HTTP servers are typically internet-facing and accessible remotely
🏢 Internal Only: MEDIUM - Internal network exposure still presents risk from internal threats

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires sending specially crafted HTTP requests with malicious file extension data

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Zephyr security advisory for specific fixed version

Vendor Advisory: https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hfww-j92m-x8fv

Restart Required: Yes

Instructions:

1. Update Zephyr RTOS to the patched version.
2. Rebuild firmware with the updated Zephyr source.
3. Deploy the updated firmware to affected devices.

🔧 Temporary Workarounds

Disable HTTP Server (scope: all)

Disable HTTP server functionality if it is not required: set CONFIG_HTTP_SERVER=n in the project configuration.

Input Validation Filter (scope: all)

Implement custom input validation for file extension processing.

🧯 If You Can't Patch

  • Implement network segmentation to isolate vulnerable devices
  • Deploy web application firewall (WAF) to filter malicious HTTP requests

🔍 How to Verify

Check if Vulnerable:

Check Zephyr version and verify HTTP server is enabled in configuration

Check Version:

Check Zephyr version in source code or build configuration

Verify Fix Applied:

Verify Zephyr version is updated to patched version and rebuild firmware

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests with unusually long file extensions
  • Device crashes or restarts after HTTP requests

Network Indicators:

  • HTTP requests with crafted Content-Type headers or file extensions

SIEM Query:

http.request.uri contains "." AND http.request.uri length > threshold
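A concrete form of the "unusually long file extension" indicator above, as an added example that is not part of this advisory card or of the Zephyr project: it parses constructed Common Log Format access-log lines, extracts the file extension of each request path (query string and percent-encoding stripped), and flags requests whose extension exceeds a hypothetical threshold. The log lines, the IP addresses and the threshold value are all assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Hypothetical threshold: well above any legitimate extension (.html, .json, .tar.gz).
MAX_EXT_LEN = 16

# Constructed sample access-log lines (Common Log Format), not real traffic.
LONG_EXT = "a" * 48
SAMPLE_LOG = (
    '192.0.2.10 - - [01/Nov/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512\n'
    '192.0.2.11 - - [01/Nov/2024:10:00:02 +0000] "GET /static/app.js HTTP/1.1" 200 2048\n'
    f'192.0.2.12 - - [01/Nov/2024:10:00:03 +0000] "GET /fw.{LONG_EXT} HTTP/1.1" 404 0\n'
    '192.0.2.13 - - [01/Nov/2024:10:00:04 +0000] "GET /api/status?x=1 HTTP/1.1" 200 64\n'
)

# Client IP, request method, request target and status code from a CLF line.
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def extension_length(target: str) -> int:
    """Length of the file extension in a request target's path, 0 if there is none.

    Only the last path segment counts, so "/dir.v2/file" has no extension;
    the query string is dropped and percent-encoding is decoded first.
    """
    path = unquote(urlsplit(target).path)
    last_segment = path.rsplit("/", 1)[-1]
    if "." not in last_segment:
        return 0
    return len(last_segment.rsplit(".", 1)[-1])


def find_long_extensions(log_text: str, max_ext_len: int = MAX_EXT_LEN) -> list[dict]:
    """Return one record per request whose file extension is longer than max_ext_len."""
    hits = []
    for line in log_text.splitlines():
        m = CLF_RE.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        ext_len = extension_length(m["target"])
        if ext_len > max_ext_len:
            hits.append({"ip": m["ip"], "target": m["target"],
                         "ext_len": ext_len, "status": int(m["status"])})
    return hits


if __name__ == "__main__":
    for hit in find_long_extensions(SAMPLE_LOG):
        print(f"suspicious: {hit['ip']} requested {hit['target']} "
              f"(extension length {hit['ext_len']}, status {hit['status']})")
```

Correlate any hit with the second log indicator (a device reboot or watchdog reset shortly after the request) before treating it as an exploitation attempt rather than a scanner probe.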
