Skip to main content

Rt Thread CVE-2024-25392

MEDIUM
Out-of-bounds Read (CWE-125)
2024-03-27 cve@mitre.org
5.9
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
5.9 MEDIUM
AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

1
CVE Published
Mar 27, 2024 - 03:15 cve.org
MEDIUM 5.9

DescriptionCVE.org

An out-of-bounds access occurs in utilities/var_export/var_export.c in RT-Thread through 5.0.2.

AnalysisAI

An out-of-bounds access occurs in utilities/var_export/var_export.c in RT-Thread through 5.0.2. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. An out-of-bounds access occurs in utilities/var_export/var_export.c in RT-Thread through 5.0.2. Affected products include: Rt-Thread. Version information: through 5.0.2..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2025-5865 HIGH POC
8.0 Jun 09

Critical memory corruption vulnerability in RT-Thread 5.1.0's sys_select syscall handler that allows authenticated local

CVE-2025-5867 HIGH POC
8.0 Jun 09

Critical null pointer dereference vulnerability in RT-Thread 5.1.0's lwp_syscall.c csys_sendto function, allowing authen

CVE-2025-5869 HIGH POC
8.0 Jun 09

Critical memory corruption vulnerability in RT-Thread 5.1.0's sys_recvfrom syscall handler that allows authenticated loc

CVE-2025-5866 HIGH POC
8.0 Jun 09

A security vulnerability in A vulnerability classified as critical (CVSS 8.0). Risk factors: public PoC available.

CVE-2025-5868 HIGH POC
8.0 Jun 09

Critical array index validation vulnerability in RT-Thread 5.1.0's signal mask syscall handler that allows authenticated

CVE-2025-6693 HIGH POC
7.8 Jun 26

A vulnerability, which was classified as critical, was found in RT-Thread up to 5.1.0. This affects the function sys_dev

CVE-2026-14606 HIGH POC
7.1 Jul 03

Stack-based buffer overflow in RT-Thread RTOS (versions up to and including 5.0.2) affects the CAN_Receive function with

CVE-2026-14605 HIGH POC
7.1 Jul 03

Stack-based buffer overflow in RT-Thread RTOS (versions up to and including 5.0.2) affects the recvmsg function within t

CVE-2024-25393 CRITICAL
9.8 Mar 27

A stack buffer overflow occurs in net/at/src/at_server.c in RT-Thread through 5.0.2. Rated critical severity (CVSS 9.8),

CVE-2026-14607 MEDIUM POC
5.4 Jul 03

Memory corruption in RT-Thread's Linux-compatible process (lwp) syscall layer allows a local low-privileged user to cras

CVE-2025-1115 MEDIUM POC
4.8 Feb 08

A vulnerability classified as problematic was found in RT-Thread up to 5.1.0. Rated medium severity (CVSS 4.8), this vul

CVE-2024-25395 HIGH
8.8 Mar 27

A buffer overflow occurs in utilities/rt-link/src/rtlink.c in RT-Thread through 5.0.2. Rated high severity (CVSS 8.8), t

Share

CVE-2024-25392 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy