High severity7.5NVD Advisory· Published Dec 18, 2024· Updated Apr 15, 2026

CVE-2024-56318

Description

In raw\TCP.cpp in Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before 27ca6ec, there is a NULL pointer dereference in TCPBase::ProcessSingleMessage via TCP packets with zero messageSize, leading to denial of service.

Patches

27ca6ec255b7

https://github.com/project-chip/connectedhomeipvia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/project-chip/connectedhomeip/commit/27ca6ec255b78168e04bd71e0f1a473869cf144bnvd
github.com/project-chip/connectedhomeip/issues/36750nvd
github.com/project-chip/connectedhomeip/pull/36751nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000