
CVSS: 7.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

The affected file was ports/xtensa/xcc/src/tx_clib_lock.c. Eclipse ThreadX versions prior to 6.4.0 suffer from a missing array size check causing a memory overwrite, missing parameter checks leading to integer wraparound, under-allocations, heap buffer overflows, and more. • https://github.com/RandomRobbieBF/CVE-2024-22145 http://seclists.org/fulldisclosure/2024/May/35 http://www.openwall.com/lists/oss-security/2024/05/28/1 https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-vmp6-qhp9-r66x • CWE-129: Improper Validation of Array Index

CVSS: 7.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

In Eclipse ThreadX NetX Duo before 6.4.0, an attacker who can control the parameters of __portable_aligned_alloc() could cause an integer wrap-around and an allocation smaller than expected. ... Eclipse ThreadX versions prior to 6.4.0 suffer from a missing array size check causing a memory overwrite, missing parameter checks leading to integer wraparound, under-allocations, heap buffer overflows, and more. • https://github.com/xF-9979/CVE-2024-24520 http://seclists.org/fulldisclosure/2024/May/35 http://www.openwall.com/lists/oss-security/2024/05/28/1 https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-h963-7vhw-8rpx • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-190: Integer Overflow or Wraparound

CVSS: 6.0 | EPSS: 0% | CPEs: - | EXPL: 0

An attacker can cause an integer wraparound, under-allocation, or heap buffer overflow due to vulnerabilities in the parameter checking mechanism, by exploiting the buffer length parameter in the Azure C SDK, which may lead to remote code execution. • https://github.com/Azure/azure-c-shared-utility/commit/1129147c38ac02ad974c4c701a1e01b2141b9fe2 https://github.com/Azure/azure-c-shared-utility/security/advisories/GHSA-m8wp-hc7w-x4xg • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 9.6 | EPSS: 0% | CPEs: 4 | EXPL: 0

Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, a manipulated DATA Submessage can cause a heap overflow error in the Fast-DDS process, causing the process to be terminated remotely. ... When a negative number, such as -1, is input into this variable, it results in an Integer Overflow (for example, -1 gets converted to 0xFFFFFFFF). This eventually leads to a heap-buffer-overflow, causing the program to terminate. • https://github.com/eProsima/Fast-DDS/commit/355706386f4af9ce74125eeec3c449b06113112b https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-9m2j-qw67-ph4w • CWE-122: Heap-based Buffer Overflow

CVSS: 7.5 | EPSS: 0% | CPEs: - | EXPL: 0

The Mozilla Foundation Security Advisory describes this flaw as: `AppendEncodedAttributeValue()`, `ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. • https://bugzilla.mozilla.org/show_bug.cgi?id=1880692 https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html https://www.mozilla.org/security/advisories/mfsa2024-12 https://www.mozilla.org/security/advisories/mfsa2024-13 https://www.mozilla.org/security/advisories/mfsa2024-14 https://access.redhat.com/security/cve/CVE-2024-2608 https://bugzilla.redhat.com/show_bug.cgi?id=2270661 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-680: Integer Overflow to Buffer Overflow