Marlin
Out-of-bounds write in Marlin Firmware (3D printer firmware) through 2.1.2.7 lets attackers corrupt firmware memory through the M421 G-code mesh-bed-leveling handler, which fails to upper-bound the X/Y grid indices before writing a 32-bit float into the z_values array. Any actor able to feed G-code to a printer built with MESH_BED_LEVELING enabled can write an attacker-controlled value past the array, overwriting adjacent firmware state and causing denial of service or unpredictable machine behavior. Publicly available exploit code exists and the fix is committed (1f255d1), but the vulnerability has not been identified as actively exploited in the wild (it is not in CISA KEV).
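The missing check described above, shown as a simplified model of a mesh setter that validates both grid indices before the write. This is an added example, not Marlin's code and not the committed fix; `mesh_t`, `mesh_set_z`, `parse_index`, the `GRID_POINTS_X`/`GRID_POINTS_Y` names and the 3x3 grid size are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>

#define GRID_POINTS_X 3   /* assumed mesh size for this model */
#define GRID_POINTS_Y 3

typedef struct {
    float z_values[GRID_POINTS_X][GRID_POINTS_Y];
    float guard;          /* stands in for adjacent firmware state */
} mesh_t;

/* Parse a decimal grid index and accept it only if 0 <= value < limit. */
static bool parse_index(const char *s, long limit, int *out) {
    char *end;
    if (s == NULL || *s == '\0') return false;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno == ERANGE || *end != '\0') return false;  /* overflow or trailing junk */
    if (v < 0 || v >= limit) return false;              /* lower AND upper bound */
    *out = (int)v;
    return true;
}

/* Hypothetical checked setter: writes z only when both indices are in range. */
bool mesh_set_z(mesh_t *m, const char *ix_s, const char *iy_s, float z) {
    int ix, iy;
    if (m == NULL) return false;
    if (!parse_index(ix_s, GRID_POINTS_X, &ix)) return false;
    if (!parse_index(iy_s, GRID_POINTS_Y, &iy)) return false;
    m->z_values[ix][iy] = z;
    return true;
}

int main(void) {
    mesh_t m = {{{0}}, 1.0f};
    /* constructed inputs: one in range, one at the first out-of-range index */
    bool ok = mesh_set_z(&m, "2", "1", 0.25f);
    bool rejected = !mesh_set_z(&m, "3", "0", 9.0f);
    return (ok && rejected && m.guard == 1.0f) ? 0 : 1;
}
```

Validating the index at the point of the write, rather than only where the command is parsed, keeps every caller of the setter inside the array.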