CVE-2024-2212

Опубликовано: 26 мар. 2024

Источник: nvd

CVSS3: 7.3

CVSS3: 7.8

EPSS Низкий

Описание

In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter checks. This could lead to integer wraparound, under-allocations and heap buffer overflows.

Ссылки

http://seclists.org/fulldisclosure/2024/May/35
Mailing List
http://www.openwall.com/lists/oss-security/2024/05/28/1
Mailing List
https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-v9jj-7qjg-h6g6
Exploit
Patch
Vendor Advisory
http://seclists.org/fulldisclosure/2024/May/35
Mailing List
http://www.openwall.com/lists/oss-security/2024/05/28/1
Mailing List
https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-v9jj-7qjg-h6g6
Exploit
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eclipse:threadx:*:*:*:*:*:*:*:*

Версия до 6.4.0 (исключая)

EPSS

Процентиль: 32%

0.00125

Низкий

7.3 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-122

CWE-190

EPSS

Процентиль: 32%

0.00125

Низкий

7.3 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-122

CWE-190