CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-30212 – Microchip Harmony 3 Core library allows read and write access to RAM via a SCSI READ or WRITE command
https://notcve.org/view.php?id=CVE-2024-30212
28 May 2024 — If a SCSI READ(10) command is initiated via USB using the largest LBA (0xFFFFFFFF) with it's default block size of 512 and a count of 1, the first 512 byte of the 0x80000000 memory area is returned to the user. If the block count is increased, the full RAM can be exposed. The same method works to write to this memory area. If RAM contains pointers, those can be - depending on the application - overwritten to return data from any other offset including Progam and Boot Flash. Si se inicia un comando SCSI READ... • https://github.com/Fehr-GmbH/blackleak • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-17441
https://notcve.org/view.php?id=CVE-2020-17441
11 Dec 2020 — An issue was discovered in picoTCP 1.7.0. The code for processing the IPv6 headers does not validate whether the IPv6 payload length field is equal to the actual size of the payload, which leads to an Out-of-Bounds read during the ICMPv6 checksum calculation, resulting in either Denial-of-Service or Information Disclosure. This affects pico_ipv6_extension_headers and pico_checksum_adder (in pico_ipv6.c and pico_frame.c). Se detectó un problema en picoTCP versión 1.7.0. El código para procesar los encab... • https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 • CWE-125: Out-of-bounds Read •