CVE-2024-54129

CVE-2024-54129 is a critical-severity vulnerability with a CVSS 4.0 base score of 9.2. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-665.

Key facts

Description

The NASA’s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A vulnerability exists in the version ION-DTN BPv7 implementation version 4.1.3 when receiving a bundle with an improper reference to the imc scheme with valid Service-Specific Part (SSP) in their Previous Node Block. The vulnerability can cause ION to become unresponsive. This vulnerability is fixed in 4.1.3s.

Frequently asked questions

What is CVE-2024-54129?
The NASA’s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A vulnerability exists in the version ION-DTN BPv7 implementation version 4.1.3 when receiving a bundle with an improper reference to the imc scheme with valid Service-Specific Part (SSP) in their Previous Node Block. The vulnerability can cause ION to become unresponsive. This vulnerability is fixed in 4.1.3s.
How severe is CVE-2024-54129?
CVE-2024-54129 has a CVSS 4.0 base score of 9.2, rated critical severity.
Is CVE-2024-54129 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (34th percentile), an estimate of the probability of exploitation in the next 30 days.
How do I fix CVE-2024-54129?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
Does CVE-2024-54129 have an EU (EUVD) identifier?
Yes. CVE-2024-54129 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2024-52304.
When was CVE-2024-54129 published?
CVE-2024-54129 was published on 2024-12-05 and last updated on 2026-06-17.

References

Other CWE-665 (Improper Initialization) vulnerabilities

Browse all CWE-665 (Improper Initialization) vulnerabilities →