Open 0xdea opened 10 months ago
Hi, it's been one month since I reported this vulnerability, and I wanted to ask if you have any update. As standard practice, I plan to request a CVE ID for every confirmed vulnerability. I also intend to publish an advisory by February at the latest, unless there's a specific reason to postpone. Thanks!
Hi there, CVE-2024-25392 was assigned to this vulnerability. I'm planning to publish my security advisory and writeup on March 5th. Thanks.
Hi,
I would like to report another potential vulnerability in the current version of RT-Thread. Please let me know if you plan to ask for a CVE ID in case the vulnerability is confirmed. I'm available if you need further clarifications.
Potential out-of-bounds static array access in RT-Thread var_export utility
Summary
I spotted a potential out-of-bounds static array access at the following location in the RT-Thread var_export utility source code: https://github.com/RT-Thread/rt-thread/blob/master/components/utilities/var_export/var_export.c#L97-L122
Details
Improper size check due to the use of
RT_ASSERT()
in thevar_export_init()
function at the marked line, which if compiled out in production code could lead to multiple out-of-boundsve_exporter_tab
static array accesses in the next lines:Impact
If the unchecked input above is confirmed to be attacker-controlled and crossing a security boundary, the impact of the reported buffer overflow vulnerability could range from denial of service to arbitrary code execution.