← volver
CVE-2024-25076

CVE-2024-25076

CVSS 6.8 MEDIUMEPSS 0.4%CWE-120
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.8EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
10 jul 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The bootrom function responsible for validating the Flash Product Header directly uses a user-controllable size value (Length of Flash Config Section) to control a read from the QSPI device into a fixed sized buffer, resulting in a buffer overflow and execution of arbitrary code.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Productos afectados
n/a · n/a