CVE-2024-32916

Medium CVSS 5.9

Overview

In fvp_freq_histogram_init of fvp.c, there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CWE: CWE-665 Published: 2024-06-13T21:15:55.533

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 5.9 (MEDIUM)
Detected tags: info_leak (tag impact: LOW)

Recommended actions:

Reduce verbose errors, remove debug endpoints, minimize PII in logs.

Overview

Recommended tools

Tags