CVE-2024-8067
CVE-2024-8067 is a medium-severity vulnerability with a CVSS 4.0 base score of 5.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-176.
Key facts
- Severity: Medium (CVSS 4.0 base score 5.8)
- EPSS exploit prediction: 0% (10th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2024-49529
- Weakness: CWE-176
- Published:
- Last modified:
Description
In versions of Helix Core prior to 2024.1 Patch 2 (2024.1/2655224) a Windows ANSI API Unicode "best fit" argument injection was identified.
Frequently asked questions
- What is CVE-2024-8067?
- In versions of Helix Core prior to 2024.1 Patch 2 (2024.1/2655224) a Windows ANSI API Unicode "best fit" argument injection was identified.
- How severe is CVE-2024-8067?
- CVE-2024-8067 has a CVSS 4.0 base score of 5.8, rated medium severity.
- Is CVE-2024-8067 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (10th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2024-8067?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2024-8067 have an EU (EUVD) identifier?
- Yes. CVE-2024-8067 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2024-49529.
- When was CVE-2024-8067 published?
- CVE-2024-8067 was published on 2024-09-25 and last updated on 2026-06-17.
References
Other CWE-176 vulnerabilities
- CVE-2025-71316 — Critical (CVSS 9.8): SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to…
- CVE-2024-24691 — Critical (CVSS 9.6): Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for…
- CVE-2026-23950 — High (CVSS 8.8): node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an…
- CVE-2024-43093 — High (CVSS 7.3): In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to…
- CVE-2026-4116 — High (CVSS 7.2): Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user…
- CVE-2026-20202 — Medium (CVSS 6.6): In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below…