CVE-2024-34446 (GCVE-0-2024-34446)

Vulnerability from cvelistv5 – Published: 2024-05-03 00:00 – Updated: 2024-08-02 02:51
VLAI
Summary
Mullvad VPN through 2024.1 on Android does not set a DNS server in the blocking state (after a hard failure to create a tunnel), and thus DNS traffic can leave the device. Data showing that the affected device was the origin of sensitive DNS requests may be observed and logged by operators of unintended DNS servers.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • n/a
  • CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
Assigner
Impacted products
Vendor Product Version
mullvad mullvad_vpn Affected: 0 , ≤ 2024.1 (custom)
    cpe:2.3:a:mullvad:mullvad_vpn:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mullvad:mullvad_vpn:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mullvad_vpn",
            "vendor": "mullvad",
            "versions": [
              {
                "lessThanOrEqual": "2024.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-34446",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-15T15:52:10.292772Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-923",
                "description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-15T16:00:39.726Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:51:11.410Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/mullvad/mullvadvpn-app/tags"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/mullvad/mullvadvpn-app/blob/main/CHANGELOG.md"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://mullvad.net/en/blog/dns-traffic-can-leak-outside-the-vpn-tunnel-on-android"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/mullvad/mullvadvpn-app/commit/0c39306a40f426853d617e20d596942e41091f13"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=40247604"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mullvad VPN through 2024.1 on Android does not set a DNS server in the blocking state (after a hard failure to create a tunnel), and thus DNS traffic can leave the device. Data showing that the affected device was the origin of sensitive DNS requests may be observed and logged by operators of unintended DNS servers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-03T14:37:57.854Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/mullvad/mullvadvpn-app/tags"
        },
        {
          "url": "https://github.com/mullvad/mullvadvpn-app/blob/main/CHANGELOG.md"
        },
        {
          "url": "https://mullvad.net/en/blog/dns-traffic-can-leak-outside-the-vpn-tunnel-on-android"
        },
        {
          "url": "https://github.com/mullvad/mullvadvpn-app/commit/0c39306a40f426853d617e20d596942e41091f13"
        },
        {
          "url": "https://news.ycombinator.com/item?id=40247604"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-34446",
    "datePublished": "2024-05-03T00:00:00.000Z",
    "dateReserved": "2024-05-03T00:00:00.000Z",
    "dateUpdated": "2024-08-02T02:51:11.410Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-34446",
      "date": "2026-07-16",
      "epss": "0.00599",
      "percentile": "0.44675"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-34446\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-05-03T15:15:08.210\",\"lastModified\":\"2026-06-17T07:33:25.597\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Mullvad VPN through 2024.1 on Android does not set a DNS server in the blocking state (after a hard failure to create a tunnel), and thus DNS traffic can leave the device. Data showing that the affected device was the origin of sensitive DNS requests may be observed and logged by operators of unintended DNS servers.\"},{\"lang\":\"es\",\"value\":\"Mullvad VPN hasta 2024.1 en Android no configura un servidor DNS en estado de bloqueo (despu\u00e9s de un error grave al crear un t\u00fanel) y, por lo tanto, el tr\u00e1fico DNS puede salir del dispositivo. Los operadores de servidores DNS no deseados pueden observar y registrar datos que muestren que el dispositivo afectado fue el origen de solicitudes DNS confidenciales.\"}],\"affected\":[{\"source\":\"cve@mitre.org\",\"affectedData\":[{\"vendor\":\"n/a\",\"product\":\"n/a\",\"versions\":[{\"version\":\"n/a\",\"status\":\"affected\"}]}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"affectedData\":[{\"vendor\":\"mullvad\",\"product\":\"mullvad_vpn\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:mullvad:mullvad_vpn:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"0\",\"lessThanOrEqual\":\"2024.1\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-07-15T15:52:10.292772Z\",\"id\":\"CVE-2024-34446\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-923\"}]}],\"references\":[{\"url\":\"https://github.com/mullvad/mullvadvpn-app/blob/main/CHANGELOG.md\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/mullvad/mullvadvpn-app/commit/0c39306a40f426853d617e20d596942e41091f13\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/mullvad/mullvadvpn-app/tags\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://mullvad.net/en/blog/dns-traffic-can-leak-outside-the-vpn-tunnel-on-android\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://news.ycombinator.com/item?id=40247604\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/mullvad/mullvadvpn-app/blob/main/CHANGELOG.md\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/mullvad/mullvadvpn-app/commit/0c39306a40f426853d617e20d596942e41091f13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/mullvad/mullvadvpn-app/tags\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://mullvad.net/en/blog/dns-traffic-can-leak-outside-the-vpn-tunnel-on-android\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://news.ycombinator.com/item?id=40247604\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "redhat_vex": {
      "current_release_date": "2026-03-27T10:00:28+00:00",
      "cve": "CVE-2024-34446",
      "id": "CVE-2024-34446",
      "initial_release_date": "2024-01-01T00:00:00+00:00",
      "product_status:known_not_affected": "1",
      "source": "Red Hat CSAF VEX",
      "status": "final",
      "title": "CVE-2024-34446",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34446.json",
      "version": "3"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/mullvad/mullvadvpn-app/tags\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/mullvad/mullvadvpn-app/blob/main/CHANGELOG.md\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://mullvad.net/en/blog/dns-traffic-can-leak-outside-the-vpn-tunnel-on-android\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/mullvad/mullvadvpn-app/commit/0c39306a40f426853d617e20d596942e41091f13\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=40247604\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T02:51:11.410Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-34446\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-15T15:52:10.292772Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:mullvad:mullvad_vpn:*:*:*:*:*:*:*:*\"], \"vendor\": \"mullvad\", \"product\": \"mullvad_vpn\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2024.1\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-923\", \"description\": \"CWE-923 Improper Restriction of Communication Channel to Intended Endpoints\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-15T15:52:01.495Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/mullvad/mullvadvpn-app/tags\"}, {\"url\": \"https://github.com/mullvad/mullvadvpn-app/blob/main/CHANGELOG.md\"}, {\"url\": \"https://mullvad.net/en/blog/dns-traffic-can-leak-outside-the-vpn-tunnel-on-android\"}, {\"url\": \"https://github.com/mullvad/mullvadvpn-app/commit/0c39306a40f426853d617e20d596942e41091f13\"}, {\"url\": \"https://news.ycombinator.com/item?id=40247604\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Mullvad VPN through 2024.1 on Android does not set a DNS server in the blocking state (after a hard failure to create a tunnel), and thus DNS traffic can leave the device. Data showing that the affected device was the origin of sensitive DNS requests may be observed and logged by operators of unintended DNS servers.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-05-03T14:37:57.854059\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-34446\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T02:51:11.410Z\", \"dateReserved\": \"2024-05-03T00:00:00\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2024-05-03T00:00:00\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…