Skip to main content

Nuttx

10 CVEs product

Monthly

CVE-2025-48769 HIGH This Week

Use After Free vulnerability was discovered in fs/vfs/fs_rename code of the Apache NuttX RTOS, that due recursive implementation and single buffer use by two different pointer variables allowed arbitrary user provided size buffer reallocation and write to the previously freed heap chunk, that in specific cases could cause unintended virtual filesystem rename/move operation results. [CVSS 8.1 HIGH]

Apache Use After Free Nuttx
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-48768 MEDIUM This Month

Release of Invalid Pointer or Reference vulnerability was discovered in fs/inode/fs_inoderemove code of the Apache NuttX RTOS that allowed root filesystem inode removal leading to a debug assert trigger (that is disabled by default), NULL pointer dereference (handled differently depending on the target architecture), or in general, a Denial of Service. [CVSS 6.5 MEDIUM]

Apache Null Pointer Dereference Denial Of Service Nuttx
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-47869 CRITICAL PATCH Act Now

Buffer overflow vulnerability in the Apache NuttX RTOS xmlrpc example application where device statistics structures use hardcoded buffer sizes that do not account for the CONFIG_XMLRPC_STRINGSIZE configuration parameter, allowing remote attackers to overflow memory without authentication. This affects Apache NuttX RTOS versions 6.22 through 12.8.x, with a critical CVSS score of 9.8 indicating high severity across confidentiality, integrity, and availability. The vulnerability is particularly dangerous because developers may have copied the vulnerable example code into production implementations, extending the attack surface beyond the example application itself.

Buffer Overflow Apache Nuttx
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-47868 CRITICAL PATCH Act Now

A buffer overflow vulnerability (CVSS 9.8). Critical severity with potential for significant impact on affected systems.

Buffer Overflow Heap Overflow Apache Denial Of Service Nuttx
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-35003 CRITICAL POC Act Now

Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Buffer Overflow RCE Denial Of Service Nuttx
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2021-26461 CRITICAL Act Now

Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Apache Nuttx
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2020-17529 CRITICAL Act Now

Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying and invalid fragmentation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apache Memory Corruption Nuttx
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-17528 CRITICAL Act Now

Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying arbitrary urgent data pointer. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apache Memory Corruption Nuttx
NVD
CVSS 3.1
9.1
EPSS
3.1%
CVE-2020-1939 CRITICAL PATCH Act Now

The Apache NuttX (Incubating) project provides an optional separate "apps" repository which contains various optional components and example programs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Apache Null Pointer Dereference Denial Of Service Nuttx
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2018-20578 HIGH POC This Week

An issue was discovered in NuttX before 7.27. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Nuttx
NVD
CVSS 3.0
7.5
EPSS
1.6%
EPSS 0% CVSS 8.1
HIGH This Week

Use After Free vulnerability was discovered in fs/vfs/fs_rename code of the Apache NuttX RTOS, that due recursive implementation and single buffer use by two different pointer variables allowed arbitrary user provided size buffer reallocation and write to the previously freed heap chunk, that in specific cases could cause unintended virtual filesystem rename/move operation results. [CVSS 8.1 HIGH]

Apache Use After Free Nuttx
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Release of Invalid Pointer or Reference vulnerability was discovered in fs/inode/fs_inoderemove code of the Apache NuttX RTOS that allowed root filesystem inode removal leading to a debug assert trigger (that is disabled by default), NULL pointer dereference (handled differently depending on the target architecture), or in general, a Denial of Service. [CVSS 6.5 MEDIUM]

Apache Null Pointer Dereference Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Buffer overflow vulnerability in the Apache NuttX RTOS xmlrpc example application where device statistics structures use hardcoded buffer sizes that do not account for the CONFIG_XMLRPC_STRINGSIZE configuration parameter, allowing remote attackers to overflow memory without authentication. This affects Apache NuttX RTOS versions 6.22 through 12.8.x, with a critical CVSS score of 9.8 indicating high severity across confidentiality, integrity, and availability. The vulnerability is particularly dangerous because developers may have copied the vulnerable example code into production implementations, extending the attack surface beyond the example application itself.

Buffer Overflow Apache Nuttx
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

A buffer overflow vulnerability (CVSS 9.8). Critical severity with potential for significant impact on affected systems.

Buffer Overflow Heap Overflow Apache +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Buffer Overflow RCE +2
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL Act Now

Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Apache +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying and invalid fragmentation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apache Memory Corruption +1
NVD
EPSS 3% CVSS 9.1
CRITICAL Act Now

Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying arbitrary urgent data pointer. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apache Memory Corruption +1
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

The Apache NuttX (Incubating) project provides an optional separate "apps" repository which contains various optional components and example programs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Apache Null Pointer Dereference Denial Of Service +1
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

An issue was discovered in NuttX before 7.27. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Nuttx
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy