CVE-2024-2452

Опубликовано: 26 мар. 2024

Источник: nvd

CVSS3: 7

CVSS3: 9.8

EPSS Низкий

Описание

In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control parameters of __portable_aligned_alloc() could cause an integer wrap-around and an allocation smaller than expected. This could cause subsequent heap buffer overflows.

Ссылки

http://seclists.org/fulldisclosure/2024/May/35
Mailing List
http://www.openwall.com/lists/oss-security/2024/05/28/1
Mailing List
https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-h963-7vhw-8rpx
Patch
Vendor Advisory
http://seclists.org/fulldisclosure/2024/May/35
Mailing List
http://www.openwall.com/lists/oss-security/2024/05/28/1
Mailing List
https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-h963-7vhw-8rpx
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eclipse:threadx_netx_duo:*:*:*:*:*:*:*:*

Версия до 6.4.0 (исключая)

EPSS

Процентиль: 34%

0.00141

Низкий

7 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-120

CWE-190

EPSS

Процентиль: 34%

0.00141

Низкий

7 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-120

CWE-190