ГлавнаяУязвимости → CVE-2024-2212
7.3высокая

CVE-2024-2212

Описание

In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter checks. This could lead to integer wraparound, under-allocations and heap buffer overflows.

Затрагиваемое ПО
Eclipse Threadx
CVSS
Балл7.3 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Источники
http://seclists.org/fulldisclosure/2024/May/35http://www.openwall.com/lists/oss-security/2024/05/28/1https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-v9jj-7qjg-h6g6http://seclists.org/fulldisclosure/2024/May/35http://www.openwall.com/lists/oss-security/2024/05/28/1https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-v9jj-7qjg-h6g6