HNS-2024-06 - HN Security Advisory - Multiple vulnerabilities in Eclipse ThreadX
2024-5-30 11:5:11 Author: seclists.org(查看原文) 阅读量:1 收藏
2024-5-30 11:5:11 Author: seclists.org(查看原文) 阅读量:1 收藏
Full Disclosure mailing list archives
From: Marco Ivaldi <raptor () 0xdeadbeef info>
Date: Tue, 28 May 2024 14:22:31 +0200
Hi, Please find attached a security advisory that describes multiple vulnerabilities we discovered in Eclipse ThreadX (aka Azure RTOS). * Title: Multiple vulnerabilities in Eclipse ThreadX * OS: Eclipse ThreadX < 6.4.0 * Author: Marco Ivaldi <marco.ivaldi () hnsecurity it> * Date: 2024-05-28 * CVE IDs and severity: * CVE-2024-2214 - High - 7.0 - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-2212 - High - 7.3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L * CVE-2024-2452 - High - 7.0 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L * Advisory URLs: * https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-vmp6-qhp9-r66x * https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-v9jj-7qjg-h6g6 * https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-h963-7vhw-8rpx * Vendor URL: https://threadx.io/ The advisory is also available at: https://github.com/hnsecurity/vulns/blob/main/HNS-2024-06-threadx.txt For additional information, please refer to our vulnerability writeup: https://security.humanativaspa.it/multiple-vulnerabilities-in-eclipse-threadx/ Cheers, -- Marco Ivaldi https://0xdeadbeef.info/ "When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl."
Attachment:
HNS-2024-06-threadx.txt
Description:
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Current thread:
- HNS-2024-06 - HN Security Advisory - Multiple vulnerabilities in Eclipse ThreadX Marco Ivaldi (May 29)
文章来源: https://seclists.org/fulldisclosure/2024/May/35
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh