CVE-2024-25390

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-25390
A heap buffer overflow occurs in finsh/msh_file.c and finsh/msh.c in RT-Thread through 5.0.2.

8.4 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
http://www.openwall.com/lists/oss-security/2024/03/05/1 Mailing List
https://github.com/RT-Thread/rt-thread/issues/8286 Issue Tracking
https://github.com/hnsecurity/vulns/blob/main/HNS-2024-05-rt-thread.txt Third Party Advisory
https://seclists.org/fulldisclosure/2024/Mar/28 Mailing List
https://security.humanativaspa.it/multiple-vulnerabilities-in-rt-thread-rtos/ Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/03/05/1 Mailing List
https://github.com/RT-Thread/rt-thread/issues/8286 Issue Tracking
https://github.com/hnsecurity/vulns/blob/main/HNS-2024-05-rt-thread.txt Third Party Advisory
https://seclists.org/fulldisclosure/2024/Mar/28 Mailing List
https://security.humanativaspa.it/multiple-vulnerabilities-in-rt-thread-rtos/ Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:rt-thread:rt-thread:*:*:*:*:*:*:*:*
History

16 Apr 2025, 18:55

Type Values Removed Values Added
First Time Rt-thread
Rt-thread rt-thread
CPE cpe:2.3:a:rt-thread:rt-thread:*:*:*:*:*:*:*:*
References () http://www.openwall.com/lists/oss-security/2024/03/05/1 - () http://www.openwall.com/lists/oss-security/2024/03/05/1 - Mailing List
References () https://github.com/RT-Thread/rt-thread/issues/8286 - () https://github.com/RT-Thread/rt-thread/issues/8286 - Issue Tracking
References () https://github.com/hnsecurity/vulns/blob/main/HNS-2024-05-rt-thread.txt - () https://github.com/hnsecurity/vulns/blob/main/HNS-2024-05-rt-thread.txt - Third Party Advisory
References () https://seclists.org/fulldisclosure/2024/Mar/28 - () https://seclists.org/fulldisclosure/2024/Mar/28 - Mailing List
References () https://security.humanativaspa.it/multiple-vulnerabilities-in-rt-thread-rtos/ - () https://security.humanativaspa.it/multiple-vulnerabilities-in-rt-thread-rtos/ - Third Party Advisory
Information

Published : 2024-03-27 03:15

Updated : 2025-04-16 18:55

NVD link : CVE-2024-25390

Mitre link : CVE-2024-25390

CVE.ORG link : CVE-2024-25390

JSON object : View

Products Affected

rt-thread

  • rt-thread
CWE
CWE-122

Heap-based Buffer Overflow