Vulnerability DatabaseCVE-2024-37676

CVE-2024-37676:
Linux Ubuntu vulnerability analysis and mitigation

Overview

An issue in htop-dev htop version 2.20 allows a local attacker to cause an out-of-bounds access in the Header_populateFromSettings function. The vulnerability was disclosed on June 20, 2024, and affects the process viewer's configuration file handling (NVD, Debian Tracker).

Technical details

The vulnerability occurs when htop processes the configuration file with the number of rightmetermodes configured as len. If the number of rightmeters configured does not match, then an out-of-bounds access is generated in the HeaderpopulateFromSettings function. The vulnerability has been assigned a CVSS v3.1 base score of 8.4 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (NVD).

Impact

The vulnerability could potentially lead to unauthorized access and system compromise through out-of-bounds memory access. The issue has been classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-787 (Out-of-bounds Write) (NVD).

Mitigation and workarounds

According to Ubuntu's security advisory, several versions are not affected including 24.10, 24.04 LTS, 23.10, and 22.04 LTS. However, version 20.04 LTS remains vulnerable. Users should update to an unaffected version when available (Ubuntu).

Additional resources

Source: This report was generated using AI

Related Linux Ubuntu vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-40000	CRITICAL	9.8	Linux Kernel	linux-aws	No	No	Oct 15, 2025
CVE-2025-39996	CRITICAL	9.8	Linux Kernel	linux-riscv-6.8	No	No	Oct 15, 2025
CVE-2025-39998	HIGH	7.8	Linux Kernel	kernel-rt-64k-debug-core	No	No	Oct 15, 2025
CVE-2025-39995	HIGH	7.1	Linux Debian	linux-azure	No	No	Oct 15, 2025
CVE-2025-39997	N/A	N/A	Linux Kernel	kernel	No	No	Oct 15, 2025