CVE-2024-25394

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-25394
A buffer overflow occurs in utilities/ymodem/ry_sy.c in RT-Thread through 5.0.2 because of an incorrect sprintf call or a missing '\0' character.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
http://www.openwall.com/lists/oss-security/2024/03/05/1 Mailing List
https://github.com/RT-Thread/rt-thread/issues/8291 Issue Tracking
https://github.com/hnsecurity/vulns/blob/main/HNS-2024-05-rt-thread.txt Third Party Advisory
https://seclists.org/fulldisclosure/2024/Mar/28 Mailing List
https://security.humanativaspa.it/multiple-vulnerabilities-in-rt-thread-rtos/ Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/03/05/1 Mailing List
https://github.com/RT-Thread/rt-thread/issues/8291 Issue Tracking
https://github.com/hnsecurity/vulns/blob/main/HNS-2024-05-rt-thread.txt Third Party Advisory
https://seclists.org/fulldisclosure/2024/Mar/28 Mailing List
https://security.humanativaspa.it/multiple-vulnerabilities-in-rt-thread-rtos/ Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:rt-thread:rt-thread:*:*:*:*:*:*:*:*
History

16 Apr 2025, 18:54

Type Values Removed Values Added
First Time Rt-thread
Rt-thread rt-thread
CPE cpe:2.3:a:rt-thread:rt-thread:*:*:*:*:*:*:*:*
References () http://www.openwall.com/lists/oss-security/2024/03/05/1 - () http://www.openwall.com/lists/oss-security/2024/03/05/1 - Mailing List
References () https://github.com/RT-Thread/rt-thread/issues/8291 - () https://github.com/RT-Thread/rt-thread/issues/8291 - Issue Tracking
References () https://github.com/hnsecurity/vulns/blob/main/HNS-2024-05-rt-thread.txt - () https://github.com/hnsecurity/vulns/blob/main/HNS-2024-05-rt-thread.txt - Third Party Advisory
References () https://seclists.org/fulldisclosure/2024/Mar/28 - () https://seclists.org/fulldisclosure/2024/Mar/28 - Mailing List
References () https://security.humanativaspa.it/multiple-vulnerabilities-in-rt-thread-rtos/ - () https://security.humanativaspa.it/multiple-vulnerabilities-in-rt-thread-rtos/ - Third Party Advisory
Information

Published : 2024-03-27 03:15

Updated : 2025-04-16 18:54

NVD link : CVE-2024-25394

Mitre link : CVE-2024-25394

CVE.ORG link : CVE-2024-25394

JSON object : View

Products Affected

rt-thread

  • rt-thread
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')