CVE-2023-48698

CRITICAL Year: 2023
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-754
View all →

Vulnerability Description

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host stack and host classes, related to device linked classes, GSER and HID in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2017-20166

CRITICAL
CVSS:9.8(Critical)

Ecto 2.2.0 lacks a certain protection mechanism associated with the interaction between is_nil and raise.

CWE-7542017

CVE-2019-19646

CRITICAL
CVSS:9.8(Critical)

pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.

CWE-7542019

CVE-2020-10571

CRITICAL
CVSS:9.8(Critical)

An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data.

CWE-7542020

CVE-2020-28037

CRITICAL
CVSS:9.8(Critical)

is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, lead...

CWE-7542020

CVE-2020-8986

CRITICAL
CVSS:9.8(Critical)

lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an attacker to gain administrative access with a large number of re...

CWE-7542020

CVE-2021-33622

CRITICAL
CVSS:9.8(Critical)

Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, has an Incorrect Check of a Function's Return Value.

CWE-7542021