{"id":"CVE-2024-36671","details":"nodemcu before v3.0.0-release_20240225 was discovered to contain an integer overflow via the getnum function at /modules/struct.c.","modified":"2026-04-12T08:40:54.553962Z","published":"2024-11-29T15:15:17.027Z","references":[{"type":"REPORT","url":"https://github.com/nodemcu/nodemcu-firmware/issues/3626"},{"type":"FIX","url":"https://github.com/nodemcu/nodemcu-firmware/commit/193fe3593eb1537667179089535cdb7457327887#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721"},{"type":"FIX","url":"https://github.com/nodemcu/nodemcu-firmware/pull/3633"},{"type":"FIX","url":"https://github.com/nodemcu/nodemcu-firmware/pull/3634"},{"type":"FIX","url":"https://github.com/nodemcu/nodemcu-firmware/pull/3635"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nodemcu/nodemcu-firmware","events":[{"introduced":"0"},{"fixed":"4b92eab71a3573a3f948977878514de7def76ff8"},{"fixed":"193fe3593eb1537667179089535cdb7457327887"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"v3.0.0-release_20240225"}]}}],"versions":["0.9.5_20150318","0.9.6-dev_20150625","0.9.6-dev_20150627","1.4.0-master_20151229","1.5.1-master_20160603","1.5.4.1-master_20160802","1.5.4.1-master_20161001","1.5.4.1-master_20161201","2.0.0-master_20170202","2.1.0-master_20170521","2.1.0-master_20170811","2.1.0-master_20170824","2.2.0-master_20180402","2.2.0-master_20180608","2.2.1-master_20180915","2.2.1-master_20181207","2.2.1-master_20190405","20150213","3.0-master_20190907","3.0-master_20200610","3.0-master_20200910","3.0-release_20200910","3.0-release_20201107","3.0.0-release_20210201","3.0.0-release_20211229"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36671.json","vanir_signatures_modified":"2026-04-12T08:40:54Z","vanir_signatures":[{"source":"https://github.com/nodemcu/nodemcu-firmware/commit/4b92eab71a3573a3f948977878514de7def76ff8","signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2024-36671-3e1c687a","digest":{"line_hashes":["165526976446728282179721291465098003693","67533136828261785165845379950519718456","234624432670345480240098546690494913656","85353206519526045087760257000790209894","151669601506955497285741728769286511839"],"threshold":0.9},"target":{"file":"app/lua/luac_cross/luac.c"}},{"source":"https://github.com/nodemcu/nodemcu-firmware/commit/4b92eab71a3573a3f948977878514de7def76ff8","signature_type":"Function","signature_version":"v1","deprecated":false,"id":"CVE-2024-36671-4bc38981","digest":{"function_hash":"182352665236977211596008024531104214733","length":738},"target":{"function":"pipe_create","file":"app/modules/pipe.c"}},{"source":"https://github.com/nodemcu/nodemcu-firmware/commit/4b92eab71a3573a3f948977878514de7def76ff8","signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2024-36671-5a684d5a","digest":{"line_hashes":["135293912379479425832494769242786965277","199368059245489020085602987930293523993","152630218327863896858779784050444420989","187927016100046827094034416463712902043","23406288968504426559354781077681465164","227809396006886097334944749564585023014","305573116488075562440457396318559793069","141161249152614204923235370378926147164","35969508396110552031556581238366402318"],"threshold":0.9},"target":{"file":"app/modules/color_utils.c"}},{"source":"https://github.com/nodemcu/nodemcu-firmware/commit/4b92eab71a3573a3f948977878514de7def76ff8","signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2024-36671-7665b6b1","digest":{"line_hashes":["262569712250752632620881857107824199431","108849166706762688234053878495191959052","259986484524160432055938300960983566427","230438464507691708723476476924835326570","92874218047919183012789450747365213221","287109850292785334097417221311787567384","189749150458833299894443623039076836433","81721188323076906133205076034425765798","252509851118148729674609357348224237409","132741071033005450658629878351526083368","327238764355530685897007840809964251062","425323071434165100633417055549503063","50539770357897886960015736224542120466","209424037438110226882968496823308952458","207985521372826876345747054525024274100","271065613283064373209169829747251592484","253847950700123445774369667529184029779"],"threshold":0.9},"target":{"file":"app/lua/linit.c"}},{"source":"https://github.com/nodemcu/nodemcu-firmware/commit/4b92eab71a3573a3f948977878514de7def76ff8","signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2024-36671-7d2e5df5","digest":{"line_hashes":["144619212903235998970224493833665104040","197755266231201920828104078865005237009","252514398301294520791151463002975522072","321015372755843863567400632897550365794","312884997555763181777692738463650166903","11986468834996967669582675154879423888","246448165086358855443011887128429995421","18137303215956527867979991082440111202","147295200295973583023355740235152406775","161649543978959193409097636945769651338","4273255583193039031449262129618749066","11554853770024487621611918378376093304"],"threshold":0.9},"target":{"file":"app/modules/pipe.c"}},{"source":"https://github.com/nodemcu/nodemcu-firmware/commit/4b92eab71a3573a3f948977878514de7def76ff8","signature_type":"Function","signature_version":"v1","deprecated":false,"id":"CVE-2024-36671-bac43903","digest":{"function_hash":"284987886228535607953240243927825071165","length":1557},"target":{"function":"pmain","file":"app/lua/luac_cross/luac.c"}},{"source":"https://github.com/nodemcu/nodemcu-firmware/commit/4b92eab71a3573a3f948977878514de7def76ff8","signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2024-36671-bc33443e","digest":{"line_hashes":["48149716188825734357688265724358001338","135293912379479425832494769242786965277","199368059245489020085602987930293523993","152630218327863896858779784050444420989","187927016100046827094034416463712902043","23406288968504426559354781077681465164","227809396006886097334944749564585023014","223819810150619010023085585552512166239","173504783616700940463396463138117707828","129263400523616471801441041851498434769"],"threshold":0.9},"target":{"file":"app/modules/color_utils.h"}},{"source":"https://github.com/nodemcu/nodemcu-firmware/commit/4b92eab71a3573a3f948977878514de7def76ff8","signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2024-36671-deee070e","digest":{"line_hashes":["33183042613565895250146258160911814426","119317432521772167950040814724943399446","132770364800913629009456369007482015918","89460597058768877883041252106985977389","230438464507691708723476476924835326570","84858937201768188346049531698551371277","183766946126662642903860356263714292817","323851766160663815902261792370551976420","216568755433424578970679091253290053434","209424037438110226882968496823308952458","205305831207263775545385156611301641904","191938404837805446922725590871801151873","121145943713563040990557078146267631513","73095982399332724023954997967442326511"],"threshold":0.9},"target":{"file":"app/lua53/linit.c"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}