漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Azure RTOS USBX vulnerable to buffer overflow
Vulnerability Description
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. Prior to version 6.1.12, the USB DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this may allow an attacker to bypass security features or execute arbitrary code. The implementation of `ux_device_class_dfu_control_request` function prevents buffer overflow during handling of DFU UPLOAD command when current state is `UX_SYSTEM_DFU_STATE_DFU_IDLE`. This issue has been patched, please upgrade to version 6.1.12. As a workaround, add the `UPLOAD_LENGTH` check in all possible states.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)
Vulnerability Title
Azure RTOS USBX 安全漏洞
Vulnerability Description
Azure RTOS USBX是Azure RTOS开源的一个 USB 主机、设备和移动 (OTG) 嵌入式堆栈。与 Azure RTOS ThreadX 完全集成,可用于所有支持 Azure RTOS ThreadX 的处理器。 Azure RTOS USBX 6.1.12之前版本存在安全漏洞,该漏洞源于USB DFU上传功能可用于引入缓冲区溢出,从而导致内存内容被覆盖,这可能允许攻击者绕过安全功能执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A