Vulnerabilities related to apache - nuttx
Vulnerability from fkie_nvd
Published
2020-12-09 17:15
Modified
2024-11-21 05:08
Summary
Out-of-bounds Write vulnerability in the TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows an attacker to corrupt memory by supplying an invalid fragmentation offset value in the IP header. This only impacts builds with both the CONFIG_EXPERIMENTAL and CONFIG_NET_TCP_REASSEMBLY build flags enabled.
References
Source | URL | Tags
---|---|---
security@apache.org | http://www.openwall.com/lists/oss-security/2020/12/09/5 | Mailing List, Third Party Advisory
security@apache.org | https://lists.apache.org/thread.html/r4d71ae3ab96b589835b94ba7ac4cb88a704e7307bceefeab749366f3%40%3Cdev.nuttx.apache.org%3E | Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2020/12/09/5 | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r4d71ae3ab96b589835b94ba7ac4cb88a704e7307bceefeab749366f3%40%3Cdev.nuttx.apache.org%3E | Mailing List, Vendor Advisory
CVE ID: CVE-2020-17529
Source identifier: security@apache.org
Vulnerability status: Modified
Affected (CPE): cpe:2.3:a:apache:nuttx:*:*:*:*:*:*:*:* (up to and including 9.1.0); cpe:2.3:a:apache:nuttx:10.0.0:*:*:*:*:*:*:*
CVSS v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (nvd@nist.gov, Primary; exploitability 3.9, impact 5.9)
CVSS v2: 6.8 MEDIUM, AV:N/AC:M/Au:N/C:P/I:P/A:P (nvd@nist.gov, Primary; exploitability 8.6, impact 6.4)
Weakness: CWE-787 (security@apache.org, Secondary; nvd@nist.gov, Primary)
Vulnerability from fkie_nvd
Published
2021-06-21 17:15
Modified
2024-11-21 05:56
Summary
Apache NuttX versions prior to 10.1.0 are vulnerable to integer wrap-around in the functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
References
Source | URL | Tags
---|---|---
security@apache.org | https://lists.apache.org/thread.html/r806fccf8b003ae812d807c6c7d97950d44ed29b2713418cbe3f2bddd%40%3Cdev.nuttx.apache.org%3E | Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r806fccf8b003ae812d807c6c7d97950d44ed29b2713418cbe3f2bddd%40%3Cdev.nuttx.apache.org%3E | Mailing List, Vendor Advisory
CVE ID: CVE-2021-26461
Source identifier: security@apache.org
Vulnerability status: Modified
Affected (CPE): cpe:2.3:a:apache:nuttx:*:*:*:*:*:*:*:* (before 10.1.0)
CVSS v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (nvd@nist.gov, Primary; exploitability 3.9, impact 5.9)
CVSS v2: 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P (nvd@nist.gov, Primary; exploitability 10.0, impact 6.4)
Weakness: CWE-190 (security@apache.org, Secondary; nvd@nist.gov, Primary)
Vulnerability from fkie_nvd
Published
2020-12-09 17:15
Modified
2024-11-21 05:08
Summary
Out-of-bounds Write vulnerability in the TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows an attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets, including offsets beyond the length of the packet.
References
Source | URL | Tags
---|---|---
security@apache.org | http://www.openwall.com/lists/oss-security/2020/12/09/4 | Mailing List, Third Party Advisory
security@apache.org | https://lists.apache.org/thread.html/r7f4215aba288660b41b7e731b6262c8275fa476e91e527a74d2888ea%40%3Cdev.nuttx.apache.org%3E | Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2020/12/09/4 | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r7f4215aba288660b41b7e731b6262c8275fa476e91e527a74d2888ea%40%3Cdev.nuttx.apache.org%3E | Mailing List, Vendor Advisory
CVE ID: CVE-2020-17528
Source identifier: security@apache.org
Vulnerability status: Modified
Affected (CPE): cpe:2.3:a:apache:nuttx:*:*:*:*:*:*:*:* (up to and including 9.1.0); cpe:2.3:a:apache:nuttx:10.0.0:*:*:*:*:*:*:*
CVSS v3.1: 9.1 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H (nvd@nist.gov, Primary; exploitability 3.9, impact 5.2)
CVSS v2: 6.4 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:P (nvd@nist.gov, Primary; exploitability 10.0, impact 4.9)
Weakness: CWE-787 (security@apache.org, Secondary; nvd@nist.gov, Primary)
Vulnerability from fkie_nvd
Published
2020-05-12 15:15
Modified
2024-11-21 05:11
Summary
The Apache NuttX (Incubating) project provides an optional separate "apps" repository which contains various optional components and example programs. One of these, ftpd, had a NULL pointer dereference bug. The NuttX RTOS itself is not affected. Users of the optional apps repository are affected only if they have enabled ftpd. Versions 6.15 to 8.2 are affected.
References
Source | URL | Tags
---|---|---
security@apache.org | https://lists.apache.org/thread.html/re3adc65ff4d8d9c34e5bccba3941a28cbb0a47191c150df2727e101d%40%3Cdev.nuttx.apache.org%3E | Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/re3adc65ff4d8d9c34e5bccba3941a28cbb0a47191c150df2727e101d%40%3Cdev.nuttx.apache.org%3E | Mailing List, Patch, Third Party Advisory
CVE ID: CVE-2020-1939
Source identifier: security@apache.org
Vulnerability status: Modified
Affected (CPE): cpe:2.3:a:apache:nuttx:*:*:*:*:*:*:*:* (from 6.15 up to and including 8.2)
CVSS v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (nvd@nist.gov, Primary; exploitability 3.9, impact 5.9)
CVSS v2: 5.1 MEDIUM, AV:N/AC:H/Au:N/C:P/I:P/A:P (nvd@nist.gov, Primary; exploitability 4.9, impact 6.4)
Weakness: CWE-476 (nvd@nist.gov, Primary)
Vulnerability from fkie_nvd
Published
2025-06-16 11:15
Modified
2025-06-17 19:38
Summary
An Out-of-bounds Write vulnerability, resulting in a possible Heap-based Buffer Overflow, was discovered in the tools/bdf-converter font conversion utility that is part of the Apache NuttX RTOS repository. This standalone program is optional and is part of neither the NuttX RTOS nor the Applications runtime, but active bdf-converter users may be affected when this tool is exposed to externally provided user data (i.e. publicly available automation).
This issue affects Apache NuttX: from 6.9 before 12.9.0.
Users are recommended to upgrade to version 12.9.0, which fixes the issue.
References
Source | URL | Tags
---|---|---
security@apache.org | https://github.com/apache/nuttx/pull/16000 | Issue Tracking, Third Party Advisory
security@apache.org | https://lists.apache.org/thread/p4o2lcqgspx3ws1n2p4wmoqbqow1w1pw | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/06/14/1 | Mailing List, Vendor Advisory
CVE ID: CVE-2025-47868
Source identifier: security@apache.org
Vulnerability status: Analyzed
Affected (CPE): cpe:2.3:a:apache:nuttx:*:*:*:*:*:*:*:* (from 6.9, before 12.9.0)
CVSS v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (134c704f-9b21-4f2e-91b3-4a467353bcc0, Secondary; exploitability 3.9, impact 5.9)
Weakness: CWE-122, CWE-787 (security@apache.org, Secondary)
Vulnerability from fkie_nvd
Published
2025-05-26 10:15
Modified
2025-07-08 13:17
Summary
Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components) that may result in system crash, denial of service, or arbitrary code execution, after receiving maliciously crafted packets.
NuttX's Bluetooth HCI/UART stack users are advised to upgrade to version 12.9.0, which fixes the identified implementation issues.
This issue affects Apache NuttX: from 7.25 before 12.9.0.
References
Source | URL | Tags
---|---|---
security@apache.org | https://github.com/apache/nuttx/pull/16179 | Exploit, Issue Tracking, Patch
security@apache.org | https://lists.apache.org/thread/k4xzz3jhkx48zxw9vwmqrmm4hmg78vsj | Mailing List
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/05/26/1 | Mailing List
CVE ID: CVE-2025-35003
Source identifier: security@apache.org
Vulnerability status: Analyzed
Affected (CPE): cpe:2.3:a:apache:nuttx:*:*:*:*:*:*:*:* (from 7.25, before 12.9.0)
CVSS v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (134c704f-9b21-4f2e-91b3-4a467353bcc0, Secondary; exploitability 3.9, impact 5.9)
Weakness: CWE-119, CWE-121 (security@apache.org, Secondary)
Vulnerability from fkie_nvd
Published
2025-06-16 11:15
Modified
2025-06-17 19:37
Summary
An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability was discovered in the Apache NuttX RTOS apps/examples/xmlrpc application. In this example application, the device stats structure that stored remotely provided parameters had a hardcoded buffer size, which could lead to a buffer overflow. The structure members' buffers were updated to a valid size of CONFIG_XMLRPC_STRINGSIZE+1.
This issue affects Apache NuttX RTOS users that may have used or based their code on the example application as presented in releases from 6.22 before 12.9.0.
Users of XMLRPC in Apache NuttX RTOS are advised to review their code for this pattern and update buffer sizes as presented in the version of the example in release 12.9.0.
References
Source | URL | Tags
---|---|---
security@apache.org | https://github.com/apache/nuttx-apps/pull/3027 | Issue Tracking, Third Party Advisory
security@apache.org | https://lists.apache.org/thread/306qcqyc3bpb2ozh015yxjo9kqs4jbvj | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/06/14/2 | Mailing List, Vendor Advisory
CVE ID: CVE-2025-47869
Source identifier: security@apache.org
Vulnerability status: Analyzed
Affected (CPE): cpe:2.3:a:apache:nuttx:*:*:*:*:*:*:*:* (from 6.22, before 12.9.0)
CVSS v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (134c704f-9b21-4f2e-91b3-4a467353bcc0, Secondary; exploitability 3.9, impact 5.9)
Weakness: CWE-119 (security@apache.org, Secondary)
CVE-2025-47869 (GCVE-0-2025-47869)
Vulnerability from cvelistv5
Published
2025-06-16 11:00
Modified
2025-06-16 16:10
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Summary
An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability was discovered in the Apache NuttX RTOS apps/examples/xmlrpc application. In this example application, the device stats structure that stored remotely provided parameters had a hardcoded buffer size, which could lead to a buffer overflow. The structure members' buffers were updated to a valid size of CONFIG_XMLRPC_STRINGSIZE+1.
This issue affects Apache NuttX RTOS users that may have used or based their code on the example application as presented in releases from 6.22 before 12.9.0.
Users of XMLRPC in Apache NuttX RTOS are advised to review their code for this pattern and update buffer sizes as presented in the version of the example in release 12.9.0.
References
URL | Tags
---|---
https://github.com/apache/nuttx-apps/pull/3027 | patch
https://lists.apache.org/thread/306qcqyc3bpb2ozh015yxjo9kqs4jbvj | vendor-advisory
Impacted products
Vendor | Product | Version
---|---|---
Apache Software Foundation | Apache NuttX RTOS | Version: 6.22 ≤
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2025-06-16T11:04:46.179Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2025/06/14/2" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2025-47869", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-06-16T16:09:35.371926Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-16T16:10:04.916Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache NuttX RTOS", "vendor": "Apache Software Foundation", "versions": [ { "lessThan": "12.9.0", "status": "affected", "version": "6.22", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "Ch\u00e1nh Ph\u1ea1m \u003cchanhphamviet@gmail.com\u003e" }, { "lang": "en", "type": "remediation developer", "value": "Arnout Engelen \u003cengelen@apache.org\u003e" }, { "lang": "en", "type": "coordinator", "value": "Tomek CEDRO \u003ctomek@cedro.info\u003e" }, { "lang": "en", "type": "remediation reviewer", "value": "Alan Carvalho de Assis \u003cacassis@gmail.com\u003e" }, { "lang": "en", "type": "remediation reviewer", "value": "Alin Jerpelea \u003cjerpelea@gmail.com\u003e" }, { "lang": "en", "type": "remediation reviewer", "value": "Lee, Lup Yuen 
\u003cluppy@appkaki.com\u003e" }, { "lang": "en", "type": "remediation reviewer", "value": "Xiang Xiao \u003cxiaoxiang781216@gmail.com\u003e" }, { "lang": "en", "type": "remediation reviewer", "value": "JianyuWang \u003cwangjianyu3@xiaomi.com\u003e" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eImproper Restriction of Operations within the Bounds of a Memory Buffer vulnerability was discovered in Apache NuttX RTOS apps/exapmles/xmlrpc application. In this example application device stats structure that stored remotely provided parameters had hardcoded buffer size which could lead to buffer overflow. Structure members buffers were updated to valid size of CONFIG_XMLRPC_STRINGSIZE+1.\u003c/p\u003e\u003cp\u003eThis issue affects Apache NuttX RTOS users that may have used or base their code on example application as presented in releases from 6.22 before 12.9.0.\u003c/p\u003e\u003cp\u003eUsers of XMLRPC in Apache NuttX RTOS are advised to review their code \nfor this pattern and update buffer sizes as presented in the version of \nthe example in release 12.9.0.\u003cbr\u003e\u003c/p\u003e" } ], "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability was discovered in Apache NuttX RTOS apps/exapmles/xmlrpc application. In this example application device stats structure that stored remotely provided parameters had hardcoded buffer size which could lead to buffer overflow. Structure members buffers were updated to valid size of CONFIG_XMLRPC_STRINGSIZE+1.\n\nThis issue affects Apache NuttX RTOS users that may have used or base their code on example application as presented in releases from 6.22 before 12.9.0.\n\nUsers of XMLRPC in Apache NuttX RTOS are advised to review their code \nfor this pattern and update buffer sizes as presented in the version of \nthe example in release 12.9.0." 
} ], "metrics": [ { "other": { "content": { "text": "low" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-16T11:00:37.755Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "patch" ], "url": "https://github.com/apache/nuttx-apps/pull/3027" }, { "tags": [ "vendor-advisory" ], "url": "https://lists.apache.org/thread/306qcqyc3bpb2ozh015yxjo9kqs4jbvj" } ], "source": { "discovery": "UNKNOWN" }, "title": "Apache NuttX RTOS: examples/xmlrpc: Fix calls buffers size.", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2025-47869", "datePublished": "2025-06-16T11:00:37.755Z", "dateReserved": "2025-05-12T19:31:51.478Z", "dateUpdated": "2025-06-16T16:10:04.916Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-17529 (GCVE-0-2020-17529)
Vulnerability from cvelistv5
Published
2020-12-09 16:35
Modified
2025-02-13 16:27
CWE
- CWE-787 - Out-of-bounds Write
Summary
An Out-of-bounds Write vulnerability in the TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows an attacker to corrupt memory by supplying an invalid fragmentation offset value specified in the IP header. This only impacts builds with both the CONFIG_EXPERIMENTAL and CONFIG_NET_TCP_REASSEMBLY build flags enabled.
References
URL | Tags
---|---
https://lists.apache.org/thread.html/r4d71ae3ab96b589835b94ba7ac4cb88a704e7307bceefeab749366f3%40%3Cdev.nuttx.apache.org%3E | x_refsource_MISC
https://lists.apache.org/thread.html/r4d71ae3ab96b589835b94ba7ac4cb88a704e7307bceefeab749366f3%40%3Cdev.nuttx.apache.org%3E | mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2020/12/09/5 | mailing-list, x_refsource_MLIST
Impacted products
Vendor | Product | Version
---|---|---
Apache Software Foundation | Apache NuttX (incubating) | Version: unspecified < Version: 10.0.0
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T14:00:48.735Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r4d71ae3ab96b589835b94ba7ac4cb88a704e7307bceefeab749366f3%40%3Cdev.nuttx.apache.org%3E" }, { "name": "[nuttx-dev] 20201209 CVE-2020-17529: Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r4d71ae3ab96b589835b94ba7ac4cb88a704e7307bceefeab749366f3%40%3Cdev.nuttx.apache.org%3E" }, { "name": "[oss-security] 20201209 CVE-2020-17529: Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2020/12/09/5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache NuttX (incubating)", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "9.1.0", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "status": "affected", "version": "10.0.0" } ] } ], "credits": [ { "lang": "en", "value": "Apache NuttX would like to thank Forescout for reporting the issue" } ], "descriptions": [ { "lang": "en", "value": "Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying and invalid fragmentation offset value specified in the IP header. This is only impacts builds with both CONFIG_EXPERIMENTAL and CONFIG_NET_TCP_REASSEMBLY build flags enabled." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-04T14:01:40.000Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://lists.apache.org/thread.html/r4d71ae3ab96b589835b94ba7ac4cb88a704e7307bceefeab749366f3%40%3Cdev.nuttx.apache.org%3E" }, { "name": "[nuttx-dev] 20201209 CVE-2020-17529: Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r4d71ae3ab96b589835b94ba7ac4cb88a704e7307bceefeab749366f3%40%3Cdev.nuttx.apache.org%3E" }, { "name": "[oss-security] 20201209 CVE-2020-17529: Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2020/12/09/5" } ], "source": { "discovery": "UNKNOWN" }, "title": "Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "AKA": "AMNESIA:33 CVE-2020-17438", "ASSIGNER": "security@apache.org", "ID": "CVE-2020-17529", "STATE": "PUBLIC", "TITLE": "Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache NuttX (incubating)", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "9.1.0" }, { "version_affected": "=", "version_value": "10.0.0" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "credit": [ { "lang": "eng", "value": "Apache NuttX would like to thank 
Forescout for reporting the issue" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying and invalid fragmentation offset value specified in the IP header. This is only impacts builds with both CONFIG_EXPERIMENTAL and CONFIG_NET_TCP_REASSEMBLY build flags enabled." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787 Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.apache.org/thread.html/r4d71ae3ab96b589835b94ba7ac4cb88a704e7307bceefeab749366f3%40%3Cdev.nuttx.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/r4d71ae3ab96b589835b94ba7ac4cb88a704e7307bceefeab749366f3%40%3Cdev.nuttx.apache.org%3E" }, { "name": "[nuttx-dev] 20201209 CVE-2020-17529: Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r4d71ae3ab96b589835b94ba7ac4cb88a704e7307bceefeab749366f3@%3Cdev.nuttx.apache.org%3E" }, { "name": "[oss-security] 20201209 CVE-2020-17529: Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/12/09/5" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2020-17529", "datePublished": "2020-12-09T16:35:14.000Z", "dateReserved": "2020-08-12T00:00:00.000Z", "dateUpdated": "2025-02-13T16:27:37.563Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-26461 (GCVE-0-2021-26461)
Vulnerability from cvelistv5
Published
2021-06-21 17:10
Modified
2024-08-03 20:26
CWE
- CWE-190 - INTEGER OVERFLOW OR WRAPAROUND
Summary
Apache NuttX versions prior to 10.1.0 are vulnerable to integer wrap-around in the functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or remote code injection/execution.
References
Impacted products
Vendor | Product | Version
---|---|---
Apache Software Foundation | Apache NuttX | Version: Apache NuttX < 10.1.0
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.470Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r806fccf8b003ae812d807c6c7d97950d44ed29b2713418cbe3f2bddd%40%3Cdev.nuttx.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ " INTEGER OVERFLOW OR WRAPAROUND CWE-190" ], "product": "Apache NuttX", "vendor": "Apache Software Foundation", "versions": [ { "lessThan": "10.1.0", "status": "affected", "version": "Apache NuttX", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Apache NuttX would like to thank Omri Ben-Bassat of Section 52 at Azure Defender for IoT of Microsoft Corp for bringing this issue to our attention." } ], "descriptions": [ { "lang": "en", "value": "Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "INTEGER OVERFLOW OR WRAPAROUND CWE-190", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-21T17:10:10", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://lists.apache.org/thread.html/r806fccf8b003ae812d807c6c7d97950d44ed29b2713418cbe3f2bddd%40%3Cdev.nuttx.apache.org%3E" } ], "source": { "discovery": "UNKNOWN" }, "title": "malloc, realloc and memalign implementations are vulnerable to integer wrap-arounds", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "AKA": "BadAlloc", "ASSIGNER": "security@apache.org", "ID": "CVE-2021-26461", "STATE": "PUBLIC", "TITLE": "malloc, realloc and memalign implementations are vulnerable to integer wrap-arounds" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache NuttX", "version": { "version_data": [ { "platform": " INTEGER OVERFLOW OR WRAPAROUND CWE-190", "version_affected": "\u003c", "version_name": "Apache NuttX", "version_value": "10.1.0" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "credit": [ { "lang": "eng", "value": "Apache NuttX would like to thank Omri Ben-Bassat of Section 52 at Azure Defender for IoT of Microsoft Corp for bringing this issue to our attention." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "INTEGER OVERFLOW OR WRAPAROUND CWE-190" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.apache.org/thread.html/r806fccf8b003ae812d807c6c7d97950d44ed29b2713418cbe3f2bddd%40%3Cdev.nuttx.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/r806fccf8b003ae812d807c6c7d97950d44ed29b2713418cbe3f2bddd%40%3Cdev.nuttx.apache.org%3E" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-26461", "datePublished": "2021-06-21T17:10:11", "dateReserved": "2021-01-30T00:00:00", "dateUpdated": "2024-08-03T20:26:25.470Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-1939 (GCVE-0-2020-1939)
Vulnerability from cvelistv5
Published
2020-05-12 14:57
Modified
2024-08-04 06:54
CWE
- NULL Pointer Dereference
Summary
The Apache NuttX (Incubating) project provides an optional separate "apps" repository which contains various optional components and example programs. One of these, ftpd, had a NULL pointer dereference bug. The NuttX RTOS itself is not affected. Users of the optional apps repository are affected only if they have enabled ftpd. Versions 6.15 to 8.2 are affected.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Apache NuttX (incubating) | Version: Apache NuttX (incubating) 6.15 to 8.2
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:54:00.344Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.apache.org/thread.html/re3adc65ff4d8d9c34e5bccba3941a28cbb0a47191c150df2727e101d%40%3Cdev.nuttx.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache NuttX (incubating)", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Apache NuttX (incubating) 6.15 to 8.2" } ] } ], "descriptions": [ { "lang": "en", "value": "The Apache NuttX (Incubating) project provides an optional separate \"apps\" repository which contains various optional components and example programs. One of these, ftpd, had a NULL pointer dereference bug. The NuttX RTOS itself is not affected. Users of the optional apps repository are affected only if they have enabled ftpd. Versions 6.15 to 8.2 are affected." } ], "problemTypes": [ { "descriptions": [ { "description": "NULL Pointer Dereference", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-12T14:57:55", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://lists.apache.org/thread.html/re3adc65ff4d8d9c34e5bccba3941a28cbb0a47191c150df2727e101d%40%3Cdev.nuttx.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2020-1939", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache NuttX (incubating)", "version": { "version_data": [ { "version_value": "Apache NuttX (incubating) 6.15 to 8.2" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Apache NuttX (Incubating) project 
provides an optional separate \"apps\" repository which contains various optional components and example programs. One of these, ftpd, had a NULL pointer dereference bug. The NuttX RTOS itself is not affected. Users of the optional apps repository are affected only if they have enabled ftpd. Versions 6.15 to 8.2 are affected." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "NULL Pointer Dereference" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.apache.org/thread.html/re3adc65ff4d8d9c34e5bccba3941a28cbb0a47191c150df2727e101d%40%3Cdev.nuttx.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/re3adc65ff4d8d9c34e5bccba3941a28cbb0a47191c150df2727e101d%40%3Cdev.nuttx.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2020-1939", "datePublished": "2020-05-12T14:57:55", "dateReserved": "2019-12-02T00:00:00", "dateUpdated": "2024-08-04T06:54:00.344Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-35003 (GCVE-0-2025-35003)
Vulnerability from cvelistv5
Published
2025-05-26 10:03
Modified
2025-05-28 03:56
CWE
Summary
Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components) that may result in system crash, denial of service, or arbitrary code execution, after receiving maliciously crafted packets.
NuttX's Bluetooth HCI/UART stack users are advised to upgrade to version 12.9.0, which fixes the identified implementation issues.
This issue affects Apache NuttX: from 7.25 before 12.9.0.
References
URL | Tags
---|---
https://github.com/apache/nuttx/pull/16179 | patch
https://lists.apache.org/thread/k4xzz3jhkx48zxw9vwmqrmm4hmg78vsj | vendor-advisory
Impacted products
Vendor | Product | Version
---|---|---
Apache Software Foundation | Apache NuttX RTOS | Version: 7.25 ≤
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2025-05-26T10:47:55.245Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2025/05/26/1" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2025-35003", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-05-27T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-28T03:56:07.159Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache NuttX RTOS", "vendor": "Apache Software Foundation", "versions": [ { "lessThan": "12.9.0", "status": "affected", "version": "7.25", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "Chongqing Lei \u003cleicq@seu.edu.cn\u003e" }, { "lang": "en", "type": "reporter", "value": "Zhen Ling \u003czhenling@seu.edu.cn\u003e" }, { "lang": "en", "type": "remediation developer", "value": "Chongqing Lei \u003cleicq@seu.edu.cn\u003e" }, { "lang": "en", "type": "coordinator", "value": "Tomek CEDRO \u003ctomek@cedro.info\u003e" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eImproper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities 
were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components) that may result in system crash, denial of service, or arbitrary code execution, after receiving maliciously crafted packets.\u003c/p\u003e\u003cp\u003eNuttX\u0027s Bluetooth HCI/UART stack users are advised to upgrade to version 12.9.0, which fixes the identified implementation issues.\u003c/p\u003e\u003cp\u003eThis issue affects Apache NuttX: from 7.25 before 12.9.0. \u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e" } ], "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components) that may result in system crash, denial of service, or arbitrary code execution, after receiving maliciously crafted packets.\n\nNuttX\u0027s Bluetooth HCI/UART stack users are advised to upgrade to version 12.9.0, which fixes the identified implementation issues.\n\nThis issue affects Apache NuttX: from 7.25 before 12.9.0." 
} ], "metrics": [ { "other": { "content": { "text": "important" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-26T10:03:06.808Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "patch" ], "url": "https://github.com/apache/nuttx/pull/16179" }, { "tags": [ "vendor-advisory" ], "url": "https://lists.apache.org/thread/k4xzz3jhkx48zxw9vwmqrmm4hmg78vsj" } ], "source": { "discovery": "EXTERNAL" }, "title": "Apache NuttX RTOS: NuttX Bluetooth Stack HCI and UART DoS/RCE Vulnerabilities.", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2025-35003", "datePublished": "2025-05-26T10:03:06.808Z", "dateReserved": "2025-04-15T20:10:33.989Z", "dateUpdated": "2025-05-28T03:56:07.159Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-17528 (GCVE-0-2020-17528)
Vulnerability from cvelistv5
Published
2020-12-09 16:35
Modified
2025-02-13 16:27
CWE
- CWE-787 - Out-of-bounds Write
Summary
An Out-of-bounds Write vulnerability in the TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows an attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets, including offsets beyond the length of the packet.
References
URL | Tags
---|---
https://lists.apache.org/thread.html/r7f4215aba288660b41b7e731b6262c8275fa476e91e527a74d2888ea%40%3Cdev.nuttx.apache.org%3E | x_refsource_MISC
https://lists.apache.org/thread.html/r7f4215aba288660b41b7e731b6262c8275fa476e91e527a74d2888ea%40%3Cdev.nuttx.apache.org%3E | mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2020/12/09/4 | mailing-list, x_refsource_MLIST
Impacted products
Vendor | Product | Version
---|---|---
Apache Software Foundation | Apache NuttX (incubating) | Version: unspecified < 9.1.1 Version: 10.0.0
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T14:00:48.660Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r7f4215aba288660b41b7e731b6262c8275fa476e91e527a74d2888ea%40%3Cdev.nuttx.apache.org%3E" }, { "name": "[nuttx-dev] 20201209 CVE-2020-17528: Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r7f4215aba288660b41b7e731b6262c8275fa476e91e527a74d2888ea%40%3Cdev.nuttx.apache.org%3E" }, { "name": "[oss-security] 20201209 CVE-2020-17528: Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2020/12/09/4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache NuttX (incubating)", "vendor": "Apache Software Foundation", "versions": [ { "lessThan": "9.1.1", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "status": "affected", "version": "10.0.0" } ] } ], "credits": [ { "lang": "en", "value": "Apache NuttX would like to thank Forescout for reporting the issue" } ], "descriptions": [ { "lang": "en", "value": "Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets including beyond the length of the packet." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-04T14:01:40.000Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://lists.apache.org/thread.html/r7f4215aba288660b41b7e731b6262c8275fa476e91e527a74d2888ea%40%3Cdev.nuttx.apache.org%3E" }, { "name": "[nuttx-dev] 20201209 CVE-2020-17528: Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r7f4215aba288660b41b7e731b6262c8275fa476e91e527a74d2888ea%40%3Cdev.nuttx.apache.org%3E" }, { "name": "[oss-security] 20201209 CVE-2020-17528: Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2020/12/09/4" } ], "source": { "discovery": "UNKNOWN" }, "title": "Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "AKA": "AMNESIA:33 CVE-2020-17437", "ASSIGNER": "security@apache.org", "ID": "CVE-2020-17528", "STATE": "PUBLIC", "TITLE": "Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache NuttX (incubating)", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "9.1.1" }, { "version_affected": "=", "version_value": "10.0.0" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "credit": [ { "lang": "eng", "value": "Apache NuttX would like to thank Forescout for reporting the issue" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": 
[ { "lang": "eng", "value": "Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets including beyond the length of the packet." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787 Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.apache.org/thread.html/r7f4215aba288660b41b7e731b6262c8275fa476e91e527a74d2888ea%40%3Cdev.nuttx.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/r7f4215aba288660b41b7e731b6262c8275fa476e91e527a74d2888ea%40%3Cdev.nuttx.apache.org%3E" }, { "name": "[nuttx-dev] 20201209 CVE-2020-17528: Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r7f4215aba288660b41b7e731b6262c8275fa476e91e527a74d2888ea@%3Cdev.nuttx.apache.org%3E" }, { "name": "[oss-security] 20201209 CVE-2020-17528: Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/12/09/4" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2020-17528", "datePublished": "2020-12-09T16:35:13.000Z", "dateReserved": "2020-08-12T00:00:00.000Z", "dateUpdated": "2025-02-13T16:27:37.002Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47868 (GCVE-0-2025-47868)
Vulnerability from cvelistv5
Published
2025-06-16 11:00
Modified
2025-06-16 16:12
Summary
An Out-of-bounds Write resulting in a possible Heap-based Buffer Overflow vulnerability was discovered in the tools/bdf-converter font conversion utility that is part of the Apache NuttX RTOS repository. This standalone program is optional and is part of neither the NuttX RTOS nor the Applications runtime, but active bdf-converter users may be affected when this tool is exposed to externally provided user data (i.e. publicly available automation).
This issue affects Apache NuttX: from 6.9 before 12.9.0.
Users are recommended to upgrade to version 12.9.0, which fixes the issue.
References
URL | Tags
---|---
https://github.com/apache/nuttx/pull/16000 | patch
https://lists.apache.org/thread/p4o2lcqgspx3ws1n2p4wmoqbqow1w1pw | vendor-advisory
Impacted products
Vendor | Product | Version
---|---|---
Apache Software Foundation | Apache NuttX RTOS: tools/bdf-converter. | Version: 6.9 ≤
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2025-06-16T11:04:43.267Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2025/06/14/1" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2025-47868", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-06-16T16:11:29.902284Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-16T16:12:13.504Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache NuttX RTOS: tools/bdf-converter.", "vendor": "Apache Software Foundation", "versions": [ { "lessThan": "12.9.0", "status": "affected", "version": "6.9", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Ch\u00e1nh Ph\u1ea1m \u003cchanhphamviet@gmail.com\u003e" }, { "lang": "en", "type": "remediation developer", "value": "Nathan Hartman \u003chartman.nathan@gmail.com\u003e" }, { "lang": "en", "type": "coordinator", "value": "Tomek CEDRO \u003ctomek@cedro.info\u003e" }, { "lang": "en", "type": "remediation reviewer", "value": "Alan Carvalho de Assis \u003cacassis@gmail.com\u003e" }, { "lang": "en", "type": "remediation reviewer", "value": "Alin Jerpelea \u003cjerpelea@gmail.com\u003e" }, { "lang": "en", "type": "remediation reviewer", "value": "Lee, Lup 
Yuen \u003cluppy@appkaki.com\u003e" }, { "lang": "en", "type": "coordinator", "value": "Arnout Engelen \u003cengelen@apache.org\u003e" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eOut-of-bounds Write resulting in possible Heap-based Buffer Overflow vulnerability was discovered in tools/bdf-converter font conversion utility that is part of Apache NuttX RTOS repository. This standalone program is optional and neither part of NuttX RTOS nor Applications runtime, but active bdf-converter users may be affected when this tool is exposed to external provided user data data (i.e. publicly available automation).\u003c/p\u003e\u003cp\u003eThis issue affects Apache NuttX: from 6.9 before 12.9.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 12.9.0, which fixes the issue.\u003c/p\u003e" } ], "value": "Out-of-bounds Write resulting in possible Heap-based Buffer Overflow vulnerability was discovered in tools/bdf-converter font conversion utility that is part of Apache NuttX RTOS repository. This standalone program is optional and neither part of NuttX RTOS nor Applications runtime, but active bdf-converter users may be affected when this tool is exposed to external provided user data data (i.e. publicly available automation).\n\nThis issue affects Apache NuttX: from 6.9 before 12.9.0.\n\nUsers are recommended to upgrade to version 12.9.0, which fixes the issue." 
} ], "metrics": [ { "other": { "content": { "text": "low" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-16T11:00:05.293Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "patch" ], "url": "https://github.com/apache/nuttx/pull/16000" }, { "tags": [ "vendor-advisory" ], "url": "https://lists.apache.org/thread/p4o2lcqgspx3ws1n2p4wmoqbqow1w1pw" } ], "source": { "discovery": "UNKNOWN" }, "title": "Apache NuttX RTOS: tools/bdf-converter.: tools/bdf-converter: Fix loop termination condition.", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2025-47868", "datePublished": "2025-06-16T11:00:05.293Z", "dateReserved": "2025-05-12T19:31:40.456Z", "dateUpdated": "2025-06-16T16:12:13.504Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }