exploitDog

CVE-2024-2214

Опубликовано: 26 мар. 2024

Источник: nvd

CVSS3: 7

CVSS3: 7.8

EPSS Низкий

Описание

In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the Xtensa port was missing an array size check causing a memory overwrite. The affected file was ports/xtensa/xcc/src/tx_clib_lock.c

Ссылки

http://seclists.org/fulldisclosure/2024/May/35
Mailing List
http://www.openwall.com/lists/oss-security/2024/05/28/1
Mailing List
https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-vmp6-qhp9-r66x
Patch
Vendor Advisory
http://seclists.org/fulldisclosure/2024/May/35
Mailing List
http://www.openwall.com/lists/oss-security/2024/05/28/1
Mailing List
https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-vmp6-qhp9-r66x
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eclipse:threadx:*:*:*:*:*:*:*:*

Версия до 6.4.0 (исключая)

EPSS

Процентиль: 24%

0.00081

Низкий

7 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-129

CWE-129

EPSS

Процентиль: 24%

0.00081

Низкий

7 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-129

CWE-129