Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local CAN interface access at low privilege with no user interaction (AV:L/PR:L/UI:N); stack overflow on an MMU-less RTOS yields full code-execution impact, so C:H/I:H/A:H.
Primary rating from Vendor (VulDB).
CVSS VectorVendor: VulDB
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
A vulnerability was identified in RT-Thread up to 5.0.2. Affected by this vulnerability is the function recvmsg in the library bsp/loongson/ls1cdev/libraries/ls1c_can.h of the component ls1c CAN Handler. Such manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Stack-based buffer overflow in RT-Thread RTOS (versions up to and including 5.0.2) affects the recvmsg function within the ls1c CAN handler (bsp/loongson/ls1cdev/libraries/ls1c_can.h) for the Loongson LS1C board support package. A local attacker with low privileges can manipulate the recvmsg call path to overflow a stack buffer, corrupting memory to achieve code execution or crash the device. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires that the target device actually runs RT-Thread (≤5.0.2) built with the Loongson LS1C board support package and its ls1c CAN driver (ls1c_can.h) - devices without this BSP or CAN handler are not exposed. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are moderate and partially conflicting. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with local, low-privilege access to an RT-Thread device running the Loongson LS1C CAN driver invokes recvmsg on the CAN interface with a crafted message that exceeds the fixed stack buffer, overflowing it and overwriting the return address to hijack control flow or crash the device. Because public proof-of-concept exploit code exists (VulDB), the barrier to reproducing the overflow is low for someone already positioned on or adjacent to the device's CAN subsystem. |
| Remediation | No vendor-released patch identified at time of analysis - the vendor was contacted but did not respond, so no fixed version number can be cited. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all systems running RT-Thread RTOS versions ≤5.0.2 on Loongson LS1C boards; classify by operational criticality and network exposure. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Critical memory corruption vulnerability in RT-Thread 5.1.0's sys_select syscall handler that allows authenticated local
Critical null pointer dereference vulnerability in RT-Thread 5.1.0's lwp_syscall.c csys_sendto function, allowing authen
Critical memory corruption vulnerability in RT-Thread 5.1.0's sys_recvfrom syscall handler that allows authenticated loc
A security vulnerability in A vulnerability classified as critical (CVSS 8.0). Risk factors: public PoC available.
Critical array index validation vulnerability in RT-Thread 5.1.0's signal mask syscall handler that allows authenticated
A vulnerability, which was classified as critical, was found in RT-Thread up to 5.1.0. This affects the function sys_dev
Stack-based buffer overflow in RT-Thread RTOS (versions up to and including 5.0.2) affects the CAN_Receive function with
A stack buffer overflow occurs in net/at/src/at_server.c in RT-Thread through 5.0.2. Rated critical severity (CVSS 9.8),
Memory corruption in RT-Thread's Linux-compatible process (lwp) syscall layer allows a local low-privileged user to cras
A vulnerability classified as problematic was found in RT-Thread up to 5.1.0. Rated medium severity (CVSS 4.8), this vul
A buffer overflow occurs in utilities/rt-link/src/rtlink.c in RT-Thread through 5.0.2. Rated high severity (CVSS 8.8), t
A stack buffer overflow occurs in libc/posix/ipc/mqueue.c in RT-Thread through 5.0.2. Rated high severity (CVSS 8.4), th
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41562
GHSA-whcm-77gq-7fj3