Is CVE-2024-42040 actively exploited?

CVE-2024-42040 has no public evidence of in-the-wild exploitation as of 2026-04-03.

What is the CVSS score for CVE-2024-42040?

CVE-2024-42040 has a CVSS score of 8.1 (HIGH severity). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H.

How do I patch CVE-2024-42040?

Patch guidance is available from denx security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2024-42040.

Fix CVE-2024-42040 - HIGH denx u-boot

Description

Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 2002 (3861aa5) up to today on any platform allows an attacker on the local network to leak memory from four up to 32 bytes of memory stored behind the packet to the network depending on the later use of DHCP-provided parameters via crafted DHCP responses.

CVSS Metrics

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector: adjacent network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: high
Weaknesses: CWE-120

Metadata

Primary Vendor: DENX
Published: 8/23/2024
Last Modified: 4/3/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

denx : u-boot

Remediation Guidance

Executive Summary

Cite this page

CVE-2024-42040. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2024-42040

View on NIST NVD

CVE-2024-42040 vulnerability