CVE-2024-24996 is described as a heap overflow in the WLInfoRailService component of the product, while CVE-2024-29204 is a heap overflow bug in the WLAvalancheService component. Both could allow a remote unauthenticated attacker to execute arbitrary commands, which is why they have been given a CVSS score of 9.8.

  • KidOPM
    link
    fedilink
    English
    arrow-up
    1
    ·
    8 months ago

    If anyone is still using it, anyways…