Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Mon, 06 Jul 2026 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Chan
Chan fatfs |
|
| Vendors & Products |
Chan
Chan fatfs |
Wed, 01 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 01 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | FatFs R0.16 and earlier contains a downstream-caller vulnerability pattern associated with FatFs long filename handling. With LFN enabled, fno.fname can be up to 255 characters; many callers copy it into short fixed buffers without bounds checks, causing overflow. This maps to CWE-120 (Buffer Copy without Checking Size of Input). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (7.6, High). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total. | |
| Title | FatFs Buffer Overflow via Unbounded LFN Filename Copy | |
| Weaknesses | CWE-120 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: runZero
Published:
Updated: 2026-07-01T15:06:59.026Z
Reserved: 2026-04-20T15:06:24.308Z
Link: CVE-2026-6688
Updated: 2026-07-01T15:06:47.991Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-07T15:00:06Z