CVE-2024-2452

Integer wraparound, under-allocation, and heap buffer overflow in Eclipse ThreadX NetX Duo __portable_aligned_alloc()

Severity Score

7.0

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control
parameters of __portable_aligned_alloc() could cause an integer
wrap-around and an allocation smaller than expected. This could cause
subsequent heap buffer overflows.

En Eclipse ThreadX NetX Duo anterior a 6.4.0, si un atacante puede controlar los parámetros de __portable_aligned_alloc() podría provocar una envoltura de enteros y una asignación menor de lo esperado. Esto podría provocar desbordamientos de búfer de almacenamiento dinámico.

Eclipse ThreadX versions prior to 6.4.0 suffers from a missing array size check causing a memory overwrite, missing parameter checks leading to integer wraparound, under allocations, heap buffer overflows, and more.

*Credits: Marco Ivaldi

CVSS Scores

Eclipse Foundationv3.1 7.0

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-14 CVE Reserved
2024-03-17 First Exploit
2024-03-26 CVE Published
2024-06-11 EPSS Updated
2024-08-01 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-190: Integer Overflow or Wraparound

CAPEC

References (4)

URL	Tag	Source
http://seclists.org/fulldisclosure/2024/May/35
http://www.openwall.com/lists/oss-security/2024/05/28/1
https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-h963-7vhw-8rpx

URL	Date	SRC
https://github.com/xF-9979/CVE-2024-24520	2024-03-17

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Eclipse Foundation Search vendor "Eclipse Foundation"		ThreadX Search vendor "Eclipse Foundation" for product "ThreadX"				< 6.4.0 Search vendor "Eclipse Foundation" for product "ThreadX" and version " < 6.4.0"		en		Affected