CVE-2024-10253

CWE-122Heap-based Buffer Overflow3 documents3 sources
Severity
4.7MEDIUM
EPSS
0.1%
top 71.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Lenovo APP StoreLenovo BrowserLenovo PC Manager
Timeline
PublishedJan 14
Latest updateJan 15

Description

A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages3 packages

CVEListV5lenovo/browser< 9.0.5.12181
CVEListV5lenovo/app_store< 9.0.20
CVEListV5lenovo/pc_manager< 5.1.90.12092

🔴Vulnerability Details

2
GHSA
GHSA-3825-9v33-mrxq: A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system2025-01-15
CVEList
CVE-2024-10253: A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system2025-01-14
CVE-2024-10253 (MEDIUM CVSS 4.7) | A potential TOCTOU vulnerability wa | cvebase.io