漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Marlin Firmware 2.1.2.7 Out-of-Bounds Write via M421 G-code Handler
Vulnerability Description
Marlin Firmware through 2.1.2.7, fixed in commit 1f255d1, when built with MESH_BED_LEVELING enabled, contains an out-of-bounds write vulnerability in the M421 G-code handler that allows attackers to corrupt firmware memory by supplying out-of-range X and Y grid indices. Attackers can send a single crafted G-code command via USB serial, network interface, or malicious gcode file to write an attacker-controlled 32-bit float value past the z_values array bounds, corrupting adjacent firmware variables and causing denial of service or firmware state corruption.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Vulnerability Type
对数组索引的验证不恰当
Vulnerability Title
Marlin Firmware Marlin 3D Printer Firmware 输入验证错误漏洞
Vulnerability Description
Marlin Firmware Marlin 3D Printer Firmware是Marlin Firmware组织开源的一款3D打印机固件。 Marlin Firmware Marlin 3D Printer Firmware 2.1.2.7及之前版本存在输入验证错误漏洞,该漏洞源于M421 G-code处理程序存在越界写入问题,可能导致攻击者通过提供超出范围的X和Y网格索引来破坏固件内存,进而造成拒绝服务或固件状态损坏。
CVSS Information
N/A
Vulnerability Type
N/A