CVE-2024-58109

4.6 MEDIUM

📋 TL;DR

A buffer overflow in the codec module of affected Huawei products can be triggered by specially crafted data and crash the affected process or system; the published impact is to availability only, with no confidentiality or integrity impact listed. The summary does not state whether the crafted data must be delivered locally or over the network, so treat both delivery paths as possible until the Huawei bulletin has been checked.

💻 Affected Systems

Products:
  • Huawei products with vulnerable codec modules
Versions: Specific versions not detailed in provided reference; check Huawei advisory for exact affected versions.
Operating Systems: Multiple - depends on Huawei product implementation
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in codec module processing; exact affected configurations require checking Huawei's detailed advisory.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system crash or denial of service, potentially leading to extended downtime of affected services.

🟠

Likely Case

Service disruption or application crash requiring restart of affected components.

🟢

If Mitigated

Minimal impact once the vendor patch is applied and the interfaces that feed the codec are reachable only from trusted sources. Memory protections such as ASLR and DEP do not stop the crash itself, so they do not bring the impact down on their own.

🌐 Internet-Facing: MEDIUM - Exploitation requires sending crafted data to vulnerable codec endpoints, but impact is limited to availability.
🏢 Internal Only: MEDIUM - Internal attackers could disrupt services, but requires access to vulnerable interfaces.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires crafting input that the codec module mishandles. The 4.6 score reflects an availability-only impact combined with the access needed to reach the module; the attack-complexity rating is carried by the CVSS vector in the Huawei bulletin, not by the score itself.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei advisory for specific fixed versions

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2025/4/

Restart Required: Yes

Instructions:

1. Review the Huawei security advisory.
2. Identify affected products and versions.
3. Apply the vendor-provided patches.
4. Restart the affected services or systems.

🔧 Temporary Workarounds

Input Validation Enhancement

all

Where you control the software that feeds the codec (a media ingest, transcoding or messaging service), validate media before it reaches the vulnerable module: cap frame and header sizes, check every declared length against both the destination buffer and the bytes actually received, and drop anything that fails. This only helps integrators; end users of an affected Huawei device cannot change how the codec module is called and need the vendor patch.
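The check described above, as an added example written for this page (it is not Huawei's codec code and does not reproduce CVE-2024-58109): a minimal length-prefixed frame parser in a vulnerable form that trusts the declared length, beside a hardened form that validates the length against both the destination capacity and the bytes actually present. The wire format, the MAX_PAYLOAD capacity and the helper names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Capacity of the fixed payload buffer in this illustrative frame (assumption). */
#define MAX_PAYLOAD 64

/* Constructed wire format (assumption, not Huawei's): a 2-byte big-endian
 * payload length followed by the payload bytes. */
struct frame {
    uint16_t len;
    uint8_t payload[MAX_PAYLOAD];
};

/* Vulnerable form: trusts the declared length. A declared length above
 * MAX_PAYLOAD writes past payload[]; one above the bytes actually received
 * reads past the input. Only ever call this with well-formed input. */
int parse_frame_vulnerable(const uint8_t *in, size_t in_len, struct frame *out)
{
    if (in == NULL || out == NULL || in_len < 2)
        return -1;
    out->len = (uint16_t)((in[0] << 8) | in[1]);
    memcpy(out->payload, in + 2, out->len);   /* no bounds check */
    return 0;
}

/* Hardened form: check the declared length against the destination capacity
 * and against the bytes present before any copy happens. */
int parse_frame_hardened(const uint8_t *in, size_t in_len, struct frame *out)
{
    if (in == NULL || out == NULL || in_len < 2)
        return -1;                                  /* too short to hold a header */
    uint16_t declared = (uint16_t)((in[0] << 8) | in[1]);
    if (declared > MAX_PAYLOAD)
        return -2;                                  /* would overflow payload[] */
    if ((size_t)declared > in_len - 2)
        return -3;                                  /* would over-read the input */
    out->len = declared;
    memcpy(out->payload, in + 2, declared);
    return 0;
}

/* Build a frame whose header declares `declared` bytes while `actual` bytes
 * are really present; the two need not agree, which is how the bad cases
 * are constructed. Returns the total length written, or 0 if buf is too small. */
size_t build_frame(uint8_t *buf, size_t cap, uint16_t declared, size_t actual)
{
    if (buf == NULL || cap < 2 + actual)
        return 0;
    buf[0] = (uint8_t)(declared >> 8);
    buf[1] = (uint8_t)(declared & 0xff);
    memset(buf + 2, 0x41, actual);
    return 2 + actual;
}

/* Run the hardened parser on a constructed frame and return its verdict
 * (0 accepted, -1 short/missing header, -2 oversized, -3 truncated). */
int check_frame(uint16_t declared, size_t actual)
{
    uint8_t wire[2 + 512];
    struct frame f;
    size_t n = build_frame(wire, sizeof wire, declared, actual);
    return parse_frame_hardened(wire, n, &f);
}

int main(void)
{
    printf("benign (16 declared, 16 present):      %d\n", check_frame(16, 16));
    printf("oversized (200 declared, 200 present): %d\n", check_frame(200, 200));
    printf("truncated (32 declared, 8 present):    %d\n", check_frame(32, 8));
    return 0;
}
```

The oversized case is the one that matters for this CVE class: the vulnerable parser would memcpy 200 bytes into a 64-byte array, while the hardened parser rejects the frame before touching the buffer. The truncated case is the companion over-read bug that the same length check prevents.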

Memory Protection

linux

ASLR and DEP/NX make it harder to turn the overflow into code execution; they do not prevent the crash that this CVE's availability impact describes, so treat them as defence in depth rather than a fix. On a Linux host you administer, enable full ASLR with the command below; sysctl -w does not survive a reboot, so also persist the setting in a file under /etc/sysctl.d/. The setting is not operator-configurable on consumer Huawei devices, which is where the linked bulletin is published.

sysctl -w kernel.randomize_va_space=2

🧯 If You Can't Patch

  • Isolate vulnerable systems from untrusted networks
  • Implement network segmentation to limit access to codec services

🔍 How to Verify

Check if Vulnerable:

Check system/product version against Huawei's affected versions list in advisory.

Check Version:

Product-specific; consult Huawei documentation for version checking commands.

Verify Fix Applied:

Verify installed version matches or exceeds patched version specified in Huawei advisory.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process crashes
  • Memory access violation errors
  • Codec service restarts

Network Indicators:

  • Unusual traffic patterns to codec service ports
  • Malformed data packets to codec endpoints

SIEM Query (pseudo-syntax; map the field names onto your platform's schema):

Process: (crash OR termination) AND Module: (codec OR decoder OR encoder)
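The log indicators and the pseudo-query above, turned into runnable detection logic as an added example written for this page (not code from Huawei or from any SIEM vendor). It scans syslog-style lines for kernel segfault records, service-manager signal exits and scheduled restarts of codec-related components, and raises an alert when the crash count reaches a threshold. The sample log lines are constructed; "media-codecd", "media-codec.service" and "libmediacodec.so" are placeholder names, not Huawei component names.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Counts of the crash-related signals a codec service leaves in syslog. */
struct crash_stats {
    int segfaults;     /* kernel "segfault at ..." lines from a codec-related binary */
    int signal_exits;  /* service manager exits with SEGV, ABRT or BUS status */
    int restarts;      /* service manager scheduled restarts of a codec service */
};

/* Case-insensitive substring test; strcasestr() is not portable. */
static int contains_ci(const char *hay, const char *needle)
{
    size_t n = strlen(needle);
    for (; *hay != '\0'; hay++) {
        size_t i = 0;
        while (i < n && hay[i] != '\0' &&
               tolower((unsigned char)hay[i]) == tolower((unsigned char)needle[i]))
            i++;
        if (i == n)
            return 1;
    }
    return 0;
}

/* The same module filter the SIEM query applies: codec, decoder, encoder. */
static int is_codec_related(const char *line)
{
    return contains_ci(line, "codec") || contains_ci(line, "decoder") ||
           contains_ci(line, "encoder");
}

/* Classify one log line into the stats; returns 1 if the line was counted. */
int classify_line(const char *line, struct crash_stats *s)
{
    if (!is_codec_related(line))
        return 0;
    if (strstr(line, "segfault at") != NULL) {
        s->segfaults++;
        return 1;
    }
    if (strstr(line, "status=11/SEGV") != NULL || strstr(line, "status=6/ABRT") != NULL ||
        strstr(line, "status=7/BUS") != NULL) {
        s->signal_exits++;
        return 1;
    }
    if (strstr(line, "Scheduled restart job") != NULL) {
        s->restarts++;
        return 1;
    }
    return 0;
}

/* Scan a batch of lines; returns 1 when crash events reach `threshold`. */
int scan_lines(const char *const *lines, size_t count, struct crash_stats *s, int threshold)
{
    memset(s, 0, sizeof *s);
    for (size_t i = 0; i < count; i++)
        classify_line(lines[i], s);
    return (s->segfaults + s->signal_exits) >= threshold;
}

/* Constructed sample log in syslog format; the component names are placeholders. */
static const char *const SAMPLE_LOG[] = {
    "Apr 10 10:01:02 host kernel: media-codecd[2231]: segfault at 0 ip 00007f3a1c0e4a10 sp 00007ffd2e1c1a40 error 4 in libmediacodec.so[7f3a1c0d0000+40000]",
    "Apr 10 10:01:02 host systemd[1]: media-codec.service: Main process exited, code=killed, status=11/SEGV",
    "Apr 10 10:01:03 host systemd[1]: media-codec.service: Scheduled restart job, restart counter is at 1.",
    "Apr 10 10:01:05 host sshd[900]: Accepted publickey for ops from 10.0.0.5 port 51022",
    "Apr 10 10:02:11 host kernel: media-codecd[2290]: segfault at 10 ip 00007f7b2a1e4a10 sp 00007ffc11a2b9c0 error 6 in libmediacodec.so[7f7b2a1d0000+40000]",
    "Apr 10 10:02:11 host systemd[1]: media-codec.service: Main process exited, code=killed, status=11/SEGV",
    "Apr 10 10:02:12 host systemd[1]: media-codec.service: Scheduled restart job, restart counter is at 2.",
    "Apr 10 10:03:00 host kernel: nginx[311]: segfault at 8 ip 000055d1c2a0b1f0 sp 00007ffe9c0d1e30 error 4 in nginx[55d1c2a00000+100000]",
};
#define SAMPLE_COUNT (sizeof SAMPLE_LOG / sizeof SAMPLE_LOG[0])

/* Stats for the sample log, returned by value so callers need no setup. */
struct crash_stats scan_sample(void)
{
    struct crash_stats s;
    scan_lines(SAMPLE_LOG, SAMPLE_COUNT, &s, 1);
    return s;
}

/* Alert verdict for the sample log at a given threshold. */
int sample_alert(int threshold)
{
    struct crash_stats s;
    return scan_lines(SAMPLE_LOG, SAMPLE_COUNT, &s, threshold);
}

int main(void)
{
    struct crash_stats s = scan_sample();
    printf("segfaults=%d signal_exits=%d restarts=%d alert(threshold=3)=%d\n",
           s.segfaults, s.signal_exits, s.restarts, sample_alert(3));
    return 0;
}
```

The nginx segfault in the sample is deliberately ignored because the module filter does not match it, which is the same scoping the pseudo-query expresses with its Module clause. In production the scan would run over a sliding time window rather than a fixed batch, and the threshold would be set above the baseline crash rate of the service so that a single crash on an idle system does not page anyone.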

🔗 References
