A null pointer dereference vulnerability exists in the Matter SDK (connectedhomeip) before 1.4.0, affecting the ReadRevisionAttribute function used in multiple clusters (Channel, Account Login, TargetNavigator, etc.). The function lacks proper validation of the delegate pointer before dereferencing. A remote unauthenticated attacker can exploit this issue by sending a crafted read request, causing the device to crash (denial of service). This issue has been confirmed in SDK version v1.4 (commit ab3d5ae).
Project Subscriptions
No data.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Tue, 14 Jul 2026 22:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A null pointer dereference vulnerability exists in the Matter SDK (connectedhomeip) before 1.4.0, affecting the ReadRevisionAttribute function used in multiple clusters (Channel, Account Login, TargetNavigator, etc.). The function lacks proper validation of the delegate pointer before dereferencing. A remote unauthenticated attacker can exploit this issue by sending a crafted read request, causing the device to crash (denial of service). This issue has been confirmed in SDK version v1.4 (commit ab3d5ae). | |
| References |
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-07-14T22:19:59.869Z
Reserved: 2025-08-16T00:00:00.000Z
Link: CVE-2025-56363
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses
No weakness.