CVE-2024-25076

MEDIUM Year: 2024
CVSS v3 Score
6.8
Medium
Weakness Type
CWE-120
View all →

Vulnerability Description

An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The bootrom function responsible for validating the Flash Product Header directly uses a user-controllable size value (Length of Flash Config Section) to control a read from the QSPI device into a fixed sized buffer, resulting in a buffer overflow and execution of arbitrary code.

Related Vulnerabilities

CVE-2009-4067

MEDIUM
CVSS:6.8(Medium)

Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of ...

CWE-1202009

CVE-2014-8271

MEDIUM
CVSS:6.8(Medium)

Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name.

CWE-1202014

CVE-2017-18707

MEDIUM
CVSS:6.8(Medium)

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R8300 before 1.0.2.106 and R8500 before 1.0.2.106.

CWE-1202017

CVE-2017-18770

MEDIUM
CVSS:6.8(Medium)

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R7800 before 1.0.2.36, PLW1000v2 before 1.0.0.14, and PLW1010v2 before 1.0.0.14.

CWE-1202017

CVE-2018-17773

MEDIUM
CVSS:6.8(Medium)

Ingenico Telium 2 POS terminals have a buffer overflow via SOCKET_TASK in the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N.

CWE-1202018

CVE-2018-21151

MEDIUM
CVSS:6.8(Medium)

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 bef...

CWE-1202018