Rt Thread
CVE-2024-25392
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
1DescriptionCVE.org
An out-of-bounds access occurs in utilities/var_export/var_export.c in RT-Thread through 5.0.2.
AnalysisAI
An out-of-bounds access occurs in utilities/var_export/var_export.c in RT-Thread through 5.0.2. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. An out-of-bounds access occurs in utilities/var_export/var_export.c in RT-Thread through 5.0.2. Affected products include: Rt-Thread. Version information: through 5.0.2..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.
Critical memory corruption vulnerability in RT-Thread 5.1.0's sys_select syscall handler that allows authenticated local
Critical null pointer dereference vulnerability in RT-Thread 5.1.0's lwp_syscall.c csys_sendto function, allowing authen
Critical memory corruption vulnerability in RT-Thread 5.1.0's sys_recvfrom syscall handler that allows authenticated loc
A security vulnerability in A vulnerability classified as critical (CVSS 8.0). Risk factors: public PoC available.
Critical array index validation vulnerability in RT-Thread 5.1.0's signal mask syscall handler that allows authenticated
A vulnerability, which was classified as critical, was found in RT-Thread up to 5.1.0. This affects the function sys_dev
Stack-based buffer overflow in RT-Thread RTOS (versions up to and including 5.0.2) affects the CAN_Receive function with
Stack-based buffer overflow in RT-Thread RTOS (versions up to and including 5.0.2) affects the recvmsg function within t
A stack buffer overflow occurs in net/at/src/at_server.c in RT-Thread through 5.0.2. Rated critical severity (CVSS 9.8),
Memory corruption in RT-Thread's Linux-compatible process (lwp) syscall layer allows a local low-privileged user to cras
A vulnerability classified as problematic was found in RT-Thread up to 5.1.0. Rated medium severity (CVSS 4.8), this vul
A buffer overflow occurs in utilities/rt-link/src/rtlink.c in RT-Thread through 5.0.2. Rated high severity (CVSS 8.8), t
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today