project-chip/connectedhomeip

GitHub

github.com

buildwithmatter.com

Releases38

Frequency1 month 2 weeks

Last Release about 2 months ago

Stars8.79K

Matter (formerly Project CHIP) creates more connections between more objects, simplifying development for manufacturers and increasing compatibility for consumers, guided by the Connectivity Standards Alliance.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-56317 ↗	Dec 18, 2024Wednesday, 18 December 2024, 23:15	7.5 HIGH	—
In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0, the WriteAcl function deletes all existing ACL entries first, and then attempts to recreate them based on user input. If input validation fails during decoding, the process stops, and no entries are restored by access-control-server.cpp, i.e., a denial of service.
CVE-2024-56318 ↗	Dec 18, 2024Wednesday, 18 December 2024, 23:15	7.5 HIGH	—
In raw\TCP.cpp in Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before 27ca6ec, there is a NULL pointer dereference in TCPBase::ProcessSingleMessage via TCP packets with zero messageSize, leading to denial of service.
CVE-2024-56319 ↗	Dec 18, 2024Wednesday, 18 December 2024, 23:15	7.5 HIGH	—
In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before e3277eb, unlimited user label appends in a userlabel cluster can lead to a denial of service (resource exhaustion).
CVE-2023-42189 ↗	Oct 10, 2023Tuesday, 10 October 2023, 03:15	7.5 HIGH	—
Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function.