CVE-2025-56364 PUBLISHED

Assigner: mitre
Reserved: 16.08.2025 Published: 14.07.2026 Updated: 15.07.2026

A use of uninitialized value vulnerability exists in the Matter SDK (connectedhomeip) before 1.4.0, where the GetDestinationGroupId().Value() method is called without first checking whether a value exists. This leads to a crash when an InvokeCommand is sent without initializing the destination group ID. The issue affects all versions before commit 0360cc3 (Dec 5, 2024) and leads to denial of service through SIGABRT. It is fixed by adding a .HasValue() check before access.

Product Status

Vendor n/a
Product n/a
Versions
  • Version n/a is affected

References

Problem Types

  • n/a text