
    14 vulnerabilities found for FatFs by ChaN

    CVE-2026-6688 (GCVE-0-2026-6688)

    Vulnerability from nvd – Published: 2026-07-01 14:01 – Updated: 2026-07-01 15:06
    Title
    FatFs Buffer Overflow via Unbounded LFN Filename Copy
    Summary
    FatFs R0.16 and earlier contains a downstream-caller vulnerability pattern associated with FatFs long filename handling. With LFN enabled, fno.fname can be up to 255 characters; many callers copy it into short fixed-size buffers without bounds checks, causing overflow. This maps to CWE-120 (Buffer Copy without Checking Size of Input). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (7.6, High). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input
    Assigner
    Impacted products
    Vendor Product Version
    ChaN FatFs Affected: 0 , ≤ R0.16 (custom)
    Date Public
    2026-07-01 13:00
    Credits
    HD Moore of runZero, Inc. Tod Beardsley of runZero, Inc.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6688",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:06:55.618764Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:06:59.026Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/runZeroInc/vulns-2026-fatfs-chance"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FatFs",
              "vendor": "ChaN",
              "versions": [
                {
                  "lessThanOrEqual": "R0.16",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "HD Moore of runZero, Inc."
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Tod Beardsley of runZero, Inc."
            }
          ],
          "datePublic": "2026-07-01T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "FatFs R0.16 and earlier contains a downstream-caller vulnerability pattern associated with FatFs long filename handling. With LFN enabled, fno.fname can be up to 255 characters; many callers copy it into short fixed buffers without bounds checks, causing overflow. This maps to CWE-120 (Buffer Copy without Checking Size of Input). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (7.6, High). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total."
                }
              ],
              "value": "FatFs R0.16 and earlier contains a downstream-caller vulnerability pattern associated with FatFs long filename handling. With LFN enabled, fno.fname can be up to 255 characters; many callers copy it into short fixed buffers without bounds checks, causing overflow. This maps to CWE-120 (Buffer Copy without Checking Size of Input). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (7.6, High). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:01:44.487Z",
            "orgId": "44488dab-36db-4358-99f9-bc116477f914",
            "shortName": "runZero"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.runzero.com/blog/fatfs-bugs/"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://github.com/runZeroInc/vulns-2026-fatfs-chance"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://elm-chan.org/fsw/ff/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.runzero.com/advisories/fatfs-long-fn-of-downstream-cve-2026-6688/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "FatFs Buffer Overflow via Unbounded LFN Filename Copy",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44488dab-36db-4358-99f9-bc116477f914",
        "assignerShortName": "runZero",
        "cveId": "CVE-2026-6688",
        "datePublished": "2026-07-01T14:01:04.915Z",
        "dateReserved": "2026-04-20T15:06:24.308Z",
        "dateUpdated": "2026-07-01T15:06:59.026Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6687 (GCVE-0-2026-6687)

    Vulnerability from nvd – Published: 2026-07-01 13:57 – Updated: 2026-07-01 15:06
    Title
    FatFs Stack Buffer Overflow via Uncapped exFAT Label Length
    Summary
    FatFs R0.16 and earlier contains a stack overflow bug in f_getlabel() because exFAT label length (XDIR_NumLabel) is trusted without enforcing spec maximums. This maps to CWE-121 (Stack-based Buffer Overflow). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (7.6, High). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based buffer overflow
    Assigner
    Impacted products
    Vendor Product Version
    ChaN FatFs Affected: 0 , ≤ R0.16 (custom)
    Date Public
    2026-07-01 13:00
    Credits
    HD Moore of runZero, Inc. Tod Beardsley of runZero, Inc.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6687",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:06:20.995228Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:06:24.705Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/runZeroInc/vulns-2026-fatfs-chance"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FatFs",
              "vendor": "ChaN",
              "versions": [
                {
                  "lessThanOrEqual": "R0.16",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "HD Moore of runZero, Inc."
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Tod Beardsley of runZero, Inc."
            }
          ],
          "datePublic": "2026-07-01T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "FatFs R0.16 and earlier contains a stack overflow bug in f_getlabel() because exFAT label length (XDIR_NumLabel) is trusted without enforcing spec maximums. This maps to CWE-121 (Stack-based Buffer Overflow). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (7.6, High). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total."
                }
              ],
              "value": "FatFs R0.16 and earlier contains a stack overflow bug in f_getlabel() because exFAT label length (XDIR_NumLabel) is trusted without enforcing spec maximums. This maps to CWE-121 (Stack-based Buffer Overflow). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (7.6, High). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based buffer overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:10:29.724Z",
            "orgId": "44488dab-36db-4358-99f9-bc116477f914",
            "shortName": "runZero"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.runzero.com/blog/fatfs-bugs/"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://github.com/runZeroInc/vulns-2026-fatfs-chance"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://elm-chan.org/fsw/ff/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.runzero.com/advisories/fatfs-exfat-label-len-of-cve-2026-6687/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "FatFs Stack Buffer Overflow via Uncapped exFAT Label Length",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44488dab-36db-4358-99f9-bc116477f914",
        "assignerShortName": "runZero",
        "cveId": "CVE-2026-6687",
        "datePublished": "2026-07-01T13:57:54.242Z",
        "dateReserved": "2026-04-20T15:06:23.356Z",
        "dateUpdated": "2026-07-01T15:06:24.705Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6686 (GCVE-0-2026-6686)

    Vulnerability from nvd – Published: 2026-07-01 13:55 – Updated: 2026-07-01 15:05
    Title
    FatFs Use of Uninitialized Clusters After Seek Past EOF
    Summary
    FatFs R0.16 and earlier contains an uninitialized cluster exposure when f_lseek() extends files beyond EOF without zero-filling newly allocated clusters. This maps to CWE-908 (Use of Uninitialized Resource). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (4.6, Medium). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Partial.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-908 - Use of uninitialized resource
    Assigner
    Impacted products
    Vendor Product Version
    ChaN FatFs Affected: 0 , ≤ R0.16 (custom)
    Date Public
    2026-07-01 13:00
    Credits
    HD Moore of runZero, Inc. Tod Beardsley of runZero, Inc.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6686",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:05:23.138301Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:05:27.926Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/runZeroInc/vulns-2026-fatfs-chance"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FatFs",
              "vendor": "ChaN",
              "versions": [
                {
                  "lessThanOrEqual": "R0.16",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "HD Moore of runZero, Inc."
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Tod Beardsley of runZero, Inc."
            }
          ],
          "datePublic": "2026-07-01T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "FatFs R0.16 and earlier contains an uninitialized cluster exposure when f_lseek() extends files beyond EOF without zero-filling newly allocated clusters. This maps to CWE-908 (Use of Uninitialized Resource). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (4.6, Medium). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Partial."
                }
              ],
              "value": "FatFs R0.16 and earlier contains an uninitialized cluster exposure when f_lseek() extends files beyond EOF without zero-filling newly allocated clusters. This maps to CWE-908 (Use of Uninitialized Resource). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (4.6, Medium). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Partial."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-908",
                  "description": "CWE-908 Use of uninitialized resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T13:55:09.072Z",
            "orgId": "44488dab-36db-4358-99f9-bc116477f914",
            "shortName": "runZero"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.runzero.com/blog/fatfs-bugs/"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://github.com/runZeroInc/vulns-2026-fatfs-chance"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://elm-chan.org/fsw/ff/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.runzero.com/advisories/fatfs-uninit-cluster-exposure-cve-2026-6686/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "FatFs Use of Uninitialized Clusters After Seek Past EOF",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44488dab-36db-4358-99f9-bc116477f914",
        "assignerShortName": "runZero",
        "cveId": "CVE-2026-6686",
        "datePublished": "2026-07-01T13:55:09.072Z",
        "dateReserved": "2026-04-20T15:06:22.242Z",
        "dateUpdated": "2026-07-01T15:05:27.926Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6685 (GCVE-0-2026-6685)

    Vulnerability from nvd – Published: 2026-07-01 13:47 – Updated: 2026-07-01 15:26
    Title
    FatFs Integer Underflow in Dirty-Sector Cache Flush
    Summary
    FatFs R0.16 and earlier exhibits a stale dirty-cache skip via unsigned-subtraction wrap in f_read() / f_write() (fp->sect - sect < cc) during interleaved read/write on fragmented filesystems. This maps to CWE-191 (Integer Underflow). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H (6.1, Medium). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-191 - Integer underflow (wrap or wraparound)
    Assigner
    Impacted products
    Vendor Product Version
    ChaN FatFs Affected: 0 , ≤ R0.16 (custom)
    Date Public
    2026-07-01 13:00
    Credits
    HD Moore of runZero, Inc. Tod Beardsley of runZero, Inc.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6685",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:26:17.001634Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:26:37.612Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/runZeroInc/vulns-2026-fatfs-chance"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FatFs",
              "vendor": "ChaN",
              "versions": [
                {
                  "lessThanOrEqual": "R0.16",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "HD Moore of runZero, Inc."
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Tod Beardsley of runZero, Inc."
            }
          ],
          "datePublic": "2026-07-01T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "FatFs R0.16 and earlier exhibits a stale dirty-cache skip via unsigned-subtraction wrap in f_read() / f_write() (fp-\u0026gt;sect - sect \u0026lt; cc) during interleaved read/write on fragmented filesystems. This maps to CWE-191 (Integer Underflow). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H (6.1, Medium). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total."
                }
              ],
              "value": "FatFs R0.16 and earlier exhibits a stale dirty-cache skip via unsigned-subtraction wrap in f_read() / f_write() (fp-\u003esect - sect \u003c cc) during interleaved read/write on fragmented filesystems. This maps to CWE-191 (Integer Underflow). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H (6.1, Medium). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-191",
                  "description": "CWE-191 Integer underflow (wrap or wraparound)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:10:51.392Z",
            "orgId": "44488dab-36db-4358-99f9-bc116477f914",
            "shortName": "runZero"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.runzero.com/blog/fatfs-bugs/"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://github.com/runZeroInc/vulns-2026-fatfs-chance"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://elm-chan.org/fsw/ff/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.runzero.com/advisories/fatfs-unsigned-sub-wrap-cve-2026-6685/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "FatFs Integer Underflow in Dirty-Sector Cache Flush",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44488dab-36db-4358-99f9-bc116477f914",
        "assignerShortName": "runZero",
        "cveId": "CVE-2026-6685",
        "datePublished": "2026-07-01T13:47:25.764Z",
        "dateReserved": "2026-04-20T15:06:21.250Z",
        "dateUpdated": "2026-07-01T15:26:37.612Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6684 (GCVE-0-2026-6684)

    Vulnerability from nvd – Published: 2026-07-01 13:45 – Updated: 2026-07-01 15:25
    Title
    FatFs Infinite Loop in GPT Partition Scan
    Summary
    FatFs versions prior to R0.16 that use GPT scanning with 'FF_LBA64 = 1' contain an issue in which the partition-scan loop count is derived, without an upper bound, from the GPT header field GPTH_PtNum, enabling extremely long or effectively infinite mount-time scans. This maps to CWE-835 (Loop with Unreachable Exit Condition). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (4.6, Medium). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Partial.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-835 - Loop with unreachable exit condition ('infinite loop')
    Assigner
    Impacted products
    Vendor Product Version
    ChaN FatFs Affected: 0 , < R0.16 (custom)
    Date Public
    2026-07-01 13:00
    Credits
    HD Moore of runZero, Inc. Tod Beardsley of runZero, Inc.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6684",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:25:35.369745Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:25:53.071Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/runZeroInc/vulns-2026-fatfs-chance"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FatFs",
              "vendor": "ChaN",
              "versions": [
                {
                  "lessThan": "R0.16",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "HD Moore of runZero, Inc."
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Tod Beardsley of runZero, Inc."
            }
          ],
          "datePublic": "2026-07-01T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eFatFs versions prior to R0.16 that use GPT scanning with \u0027FF_LBA64 = 1\u0027 contain an issue where an unbounded loop count is derived from the GPT header field GPTH_PtNum, enabling extremely long or effectively infinite mount-time scans. This maps to CWE-835 (Loop with Unreachable Exit Condition). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (4.6, Medium). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Partial.\u003cbr\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "FatFs versions prior to R0.16 that use GPT scanning with \u0027FF_LBA64 = 1\u0027 contain an issue where an unbounded loop count is derived from the GPT header field GPTH_PtNum, enabling extremely long or effectively infinite mount-time scans. This maps to CWE-835 (Loop with Unreachable Exit Condition). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (4.6, Medium). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Partial."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "CWE-835 Loop with unreachable exit condition (\u0027infinite loop\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:10:58.544Z",
            "orgId": "44488dab-36db-4358-99f9-bc116477f914",
            "shortName": "runZero"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.runzero.com/blog/fatfs-bugs/"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://github.com/runZeroInc/vulns-2026-fatfs-chance"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://elm-chan.org/fsw/ff/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.runzero.com/advisories/fatfs-gpt-scan-loop-dos-cve-2026-6684/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "FatFs Infinite Loop in GPT Partition Scan",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44488dab-36db-4358-99f9-bc116477f914",
        "assignerShortName": "runZero",
        "cveId": "CVE-2026-6684",
        "datePublished": "2026-07-01T13:45:03.639Z",
        "dateReserved": "2026-04-20T15:06:20.061Z",
        "dateUpdated": "2026-07-01T15:25:53.071Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6683 (GCVE-0-2026-6683)

    Vulnerability from nvd – Published: 2026-07-01 13:41 – Updated: 2026-07-01 15:24
    Title
    FatFs Divide-by-Zero in exFAT Sync
    Summary
    FatFs R0.16 and earlier contains a divide-by-zero bug in exFAT sync logic when crafted metadata causes n_fatent - 2 to be zero during write/sync operations. This maps to CWE-369 (Divide By Zero). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (4.6, Medium). Network-delivered update media can make this remote in some pipelines. The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Partial.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    ChaN FatFs Affected: 0 , ≤ R0.16 (custom)
    Date Public
    2026-07-01 13:00
    Credits
    HD Moore of runZero, Inc. Tod Beardsley of runZero, Inc.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6683",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:24:38.147110Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:24:56.449Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/runZeroInc/vulns-2026-fatfs-chance"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FatFs",
              "vendor": "ChaN",
              "versions": [
                {
                  "lessThanOrEqual": "R0.16",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "HD Moore of runZero, Inc."
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Tod Beardsley of runZero, Inc."
            }
          ],
          "datePublic": "2026-07-01T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "FatFs R0.16 and earlier contains a divide-by-zero bug in exFAT sync logic when crafted metadata causes n_fatent - 2 to be zero during write/sync operations. This maps to CWE-369 (Divide By Zero). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (4.6, Medium). Network-delivered update media can make this remote in some pipelines. The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Partial."
                }
              ],
              "value": "FatFs R0.16 and earlier contains a divide-by-zero bug in exFAT sync logic when crafted metadata causes n_fatent - 2 to be zero during write/sync operations. This maps to CWE-369 (Divide By Zero). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (4.6, Medium). Network-delivered update media can make this remote in some pipelines. The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Partial."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-369",
                  "description": "CWE-369 Divide by zero",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:11:06.688Z",
            "orgId": "44488dab-36db-4358-99f9-bc116477f914",
            "shortName": "runZero"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.runzero.com/blog/fatfs-bugs/"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://github.com/runZeroInc/vulns-2026-fatfs-chance"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://elm-chan.org/fsw/ff/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.runzero.com/advisories/fatfs-exfat-divide-by-zero-cve-2026-6683"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "FatFs Divide-by-Zero in exFAT Sync",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44488dab-36db-4358-99f9-bc116477f914",
        "assignerShortName": "runZero",
        "cveId": "CVE-2026-6683",
        "datePublished": "2026-07-01T13:41:11.337Z",
        "dateReserved": "2026-04-20T15:06:19.048Z",
        "dateUpdated": "2026-07-01T15:24:56.449Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6682 (GCVE-0-2026-6682)

    Vulnerability from nvd – Published: 2026-07-01 13:36 – Updated: 2026-07-01 15:24
    Title
    FatFs Integer Overflow in FAT32 Volume Mount
    Summary
    FatFs R0.16 and earlier contains a FAT32 integer overflow bug in mount_volume() where fasize *= fs->n_fats can wrap, leading to attacker-controlled file-size metadata and unsafe read lengths in downstream callers. This maps to CWE-190 (Integer Overflow or Wraparound). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (7.6, High). Remote delivery is also possible in OTA/update pipelines. The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer overflow or wraparound
    Assigner
    Impacted products
    Vendor Product Version
    ChaN FatFs Affected: 0 , ≤ R0.16 (custom)
    Date Public
    2026-07-01 13:00
    Credits
    HD Moore of runZero, Inc. Tod Beardsley of runZero, Inc.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6682",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:23:46.354718Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:24:05.860Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/runZeroInc/vulns-2026-fatfs-chance"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FatFs",
              "vendor": "ChaN",
              "versions": [
                {
                  "lessThanOrEqual": "R0.16",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "HD Moore of runZero, Inc."
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Tod Beardsley of runZero, Inc."
            }
          ],
          "datePublic": "2026-07-01T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "FatFs R0.16 and earlier contains a FAT32 integer overflow bug in mount_volume() where fasize *= fs-\u0026gt;n_fats can wrap, leading to attacker-controlled file-size metadata and unsafe read lengths in downstream callers. This maps to CWE-190 (Integer Overflow or Wraparound). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (7.6, High). Remote delivery is also possible in OTA/update pipelines. The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total."
                }
              ],
              "value": "FatFs R0.16 and earlier contains a FAT32 integer overflow bug in mount_volume() where fasize *= fs-\u003en_fats can wrap, leading to attacker-controlled file-size metadata and unsafe read lengths in downstream callers. This maps to CWE-190 (Integer Overflow or Wraparound). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (7.6, High). Remote delivery is also possible in OTA/update pipelines. The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190 Integer overflow or wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:11:14.785Z",
            "orgId": "44488dab-36db-4358-99f9-bc116477f914",
            "shortName": "runZero"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.runzero.com/blog/fatfs-bugs/"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://github.com/runZeroInc/vulns-2026-fatfs-chance"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://elm-chan.org/fsw/ff/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.runzero.com/advisories/fatfs-fat32-int-of-mnt-cve-2026-6682/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "FatFs Integer Overflow in FAT32 Volume Mount",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44488dab-36db-4358-99f9-bc116477f914",
        "assignerShortName": "runZero",
        "cveId": "CVE-2026-6682",
        "datePublished": "2026-07-01T13:36:59.935Z",
        "dateReserved": "2026-04-20T15:06:18.243Z",
        "dateUpdated": "2026-07-01T15:24:05.860Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6688 (GCVE-0-2026-6688)

    Vulnerability from cvelistv5 – Published: 2026-07-01 14:01 – Updated: 2026-07-01 15:06
    Title
    FatFs Buffer Overflow via Unbounded LFN Filename Copy
    Summary
    FatFs R0.16 and earlier contains a downstream-caller vulnerability pattern associated with FatFs long filename handling. With LFN enabled, fno.fname can be up to 255 characters; many callers copy it into short fixed buffers without bounds checks, causing overflow. This maps to CWE-120 (Buffer Copy without Checking Size of Input). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (7.6, High). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input
    Assigner
    Impacted products
    Vendor Product Version
    ChaN FatFs Affected: 0 , ≤ R0.16 (custom)
    Date Public
    2026-07-01 13:00
    Credits
    HD Moore of runZero, Inc. Tod Beardsley of runZero, Inc.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6688",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:06:55.618764Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:06:59.026Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/runZeroInc/vulns-2026-fatfs-chance"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FatFs",
              "vendor": "ChaN",
              "versions": [
                {
                  "lessThanOrEqual": "R0.16",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "HD Moore of runZero, Inc."
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Tod Beardsley of runZero, Inc."
            }
          ],
          "datePublic": "2026-07-01T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "FatFs R0.16 and earlier contains a downstream-caller vulnerability pattern associated with FatFs long filename handling. With LFN enabled, fno.fname can be up to 255 characters; many callers copy it into short fixed buffers without bounds checks, causing overflow. This maps to CWE-120 (Buffer Copy without Checking Size of Input). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (7.6, High). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total."
                }
              ],
              "value": "FatFs R0.16 and earlier contains a downstream-caller vulnerability pattern associated with FatFs long filename handling. With LFN enabled, fno.fname can be up to 255 characters; many callers copy it into short fixed buffers without bounds checks, causing overflow. This maps to CWE-120 (Buffer Copy without Checking Size of Input). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (7.6, High). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:01:44.487Z",
            "orgId": "44488dab-36db-4358-99f9-bc116477f914",
            "shortName": "runZero"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.runzero.com/blog/fatfs-bugs/"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://github.com/runZeroInc/vulns-2026-fatfs-chance"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://elm-chan.org/fsw/ff/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.runzero.com/advisories/fatfs-long-fn-of-downstream-cve-2026-6688/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "FatFs Buffer Overflow via Unbounded LFN Filename Copy",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44488dab-36db-4358-99f9-bc116477f914",
        "assignerShortName": "runZero",
        "cveId": "CVE-2026-6688",
        "datePublished": "2026-07-01T14:01:04.915Z",
        "dateReserved": "2026-04-20T15:06:24.308Z",
        "dateUpdated": "2026-07-01T15:06:59.026Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6687 (GCVE-0-2026-6687)

    Vulnerability from cvelistv5 – Published: 2026-07-01 13:57 – Updated: 2026-07-01 15:06
    Title
    FatFs Stack Buffer Overflow via Uncapped exFAT Label Length
    Summary
    FatFs R0.16 and earlier contains a stack overflow bug in f_getlabel() because exFAT label length (XDIR_NumLabel) is trusted without enforcing spec maximums. This maps to CWE-121 (Stack-based Buffer Overflow). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (7.6, High). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based buffer overflow
    Assigner
    Impacted products
    Vendor Product Version
    ChaN FatFs Affected: 0 , ≤ R0.16 (custom)
    Date Public
    2026-07-01 13:00
    Credits
    HD Moore of runZero, Inc. Tod Beardsley of runZero, Inc.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6687",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:06:20.995228Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:06:24.705Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/runZeroInc/vulns-2026-fatfs-chance"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FatFs",
              "vendor": "ChaN",
              "versions": [
                {
                  "lessThanOrEqual": "R0.16",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "HD Moore of runZero, Inc."
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Tod Beardsley of runZero, Inc."
            }
          ],
          "datePublic": "2026-07-01T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "FatFs R0.16 and earlier contains a stack overflow bug in f_getlabel() because exFAT label length (XDIR_NumLabel) is trusted without enforcing spec maximums. This maps to CWE-121 (Stack-based Buffer Overflow). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (7.6, High). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total."
                }
              ],
              "value": "FatFs R0.16 and earlier contains a stack overflow bug in f_getlabel() because exFAT label length (XDIR_NumLabel) is trusted without enforcing spec maximums. This maps to CWE-121 (Stack-based Buffer Overflow). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (7.6, High). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based buffer overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:10:29.724Z",
            "orgId": "44488dab-36db-4358-99f9-bc116477f914",
            "shortName": "runZero"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.runzero.com/blog/fatfs-bugs/"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://github.com/runZeroInc/vulns-2026-fatfs-chance"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://elm-chan.org/fsw/ff/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.runzero.com/advisories/fatfs-exfat-label-len-of-cve-2026-6687/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "FatFs Stack Buffer Overflow via Uncapped exFAT Label Length",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44488dab-36db-4358-99f9-bc116477f914",
        "assignerShortName": "runZero",
        "cveId": "CVE-2026-6687",
        "datePublished": "2026-07-01T13:57:54.242Z",
        "dateReserved": "2026-04-20T15:06:23.356Z",
        "dateUpdated": "2026-07-01T15:06:24.705Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6686 (GCVE-0-2026-6686)

    Vulnerability from cvelistv5 – Published: 2026-07-01 13:55 – Updated: 2026-07-01 15:05
    Title
    FatFs Use of Uninitialized Clusters After Seek Past EOF
    Summary
    FatFs R0.16 and earlier exposes uninitialized cluster contents when f_lseek() extends a file beyond EOF without zero-filling the newly allocated clusters. This maps to CWE-908 (Use of Uninitialized Resource). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (4.6, Medium). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Partial.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-908 - Use of uninitialized resource
    Assigner
    Impacted products
    Vendor Product Version
    ChaN FatFs Affected: 0 , ≤ R0.16 (custom)
    Date Public
    2026-07-01 13:00
    Credits
    HD Moore of runZero, Inc. Tod Beardsley of runZero, Inc.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6686",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:05:23.138301Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:05:27.926Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/runZeroInc/vulns-2026-fatfs-chance"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FatFs",
              "vendor": "ChaN",
              "versions": [
                {
                  "lessThanOrEqual": "R0.16",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "HD Moore of runZero, Inc."
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Tod Beardsley of runZero, Inc."
            }
          ],
          "datePublic": "2026-07-01T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "FatFs R0.16 and earlier contains an uninitialized cluster exposure when f_lseek() extends files beyond EOF without zero-filling newly allocated clusters. This maps to CWE-908 (Use of Uninitialized Resource). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (4.6, Medium). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Partial."
                }
              ],
              "value": "FatFs R0.16 and earlier contains an uninitialized cluster exposure when f_lseek() extends files beyond EOF without zero-filling newly allocated clusters. This maps to CWE-908 (Use of Uninitialized Resource). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (4.6, Medium). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Partial."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-908",
                  "description": "CWE-908 Use of uninitialized resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T13:55:09.072Z",
            "orgId": "44488dab-36db-4358-99f9-bc116477f914",
            "shortName": "runZero"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.runzero.com/blog/fatfs-bugs/"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://github.com/runZeroInc/vulns-2026-fatfs-chance"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://elm-chan.org/fsw/ff/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.runzero.com/advisories/fatfs-uninit-cluster-exposure-cve-2026-6686/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "FatFs Use of Uninitialized Clusters After Seek Past EOF",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44488dab-36db-4358-99f9-bc116477f914",
        "assignerShortName": "runZero",
        "cveId": "CVE-2026-6686",
        "datePublished": "2026-07-01T13:55:09.072Z",
        "dateReserved": "2026-04-20T15:06:22.242Z",
        "dateUpdated": "2026-07-01T15:05:27.926Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6685 (GCVE-0-2026-6685)

    Vulnerability from cvelistv5 – Published: 2026-07-01 13:47 – Updated: 2026-07-01 15:26
    Title
    FatFs Integer Underflow in Dirty-Sector Cache Flush
    Summary
    FatFs R0.16 and earlier can skip flushing a stale dirty sector cache because of an unsigned-subtraction wrap in the f_read() / f_write() check (fp->sect - sect < cc) during interleaved reads and writes on fragmented filesystems. This maps to CWE-191 (Integer Underflow). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H (6.1, Medium). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-191 - Integer underflow (wrap or wraparound)
    Assigner
    Impacted products
    Vendor Product Version
    ChaN FatFs Affected: 0 , ≤ R0.16 (custom)
    Date Public
    2026-07-01 13:00
    Credits
    HD Moore of runZero, Inc. Tod Beardsley of runZero, Inc.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6685",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:26:17.001634Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:26:37.612Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/runZeroInc/vulns-2026-fatfs-chance"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FatFs",
              "vendor": "ChaN",
              "versions": [
                {
                  "lessThanOrEqual": "R0.16",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "HD Moore of runZero, Inc."
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Tod Beardsley of runZero, Inc."
            }
          ],
          "datePublic": "2026-07-01T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "FatFs R0.16 and earlier exhibits a stale dirty-cache skip via unsigned-subtraction wrap in f_read() / f_write() (fp-\u0026gt;sect - sect \u0026lt; cc) during interleaved read/write on fragmented filesystems. This maps to CWE-191 (Integer Underflow). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H (6.1, Medium). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total."
                }
              ],
              "value": "FatFs R0.16 and earlier exhibits a stale dirty-cache skip via unsigned-subtraction wrap in f_read() / f_write() (fp-\u003esect - sect \u003c cc) during interleaved read/write on fragmented filesystems. This maps to CWE-191 (Integer Underflow). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H (6.1, Medium). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-191",
                  "description": "CWE-191 Integer underflow (wrap or wraparound)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:10:51.392Z",
            "orgId": "44488dab-36db-4358-99f9-bc116477f914",
            "shortName": "runZero"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.runzero.com/blog/fatfs-bugs/"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://github.com/runZeroInc/vulns-2026-fatfs-chance"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://elm-chan.org/fsw/ff/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.runzero.com/advisories/fatfs-unsigned-sub-wrap-cve-2026-6685/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "FatFs Integer Underflow in Dirty-Sector Cache Flush",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44488dab-36db-4358-99f9-bc116477f914",
        "assignerShortName": "runZero",
        "cveId": "CVE-2026-6685",
        "datePublished": "2026-07-01T13:47:25.764Z",
        "dateReserved": "2026-04-20T15:06:21.250Z",
        "dateUpdated": "2026-07-01T15:26:37.612Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6684 (GCVE-0-2026-6684)

    Vulnerability from cvelistv5 – Published: 2026-07-01 13:45 – Updated: 2026-07-01 15:25
    Title
    FatFs Infinite Loop in GPT Partition Scan
    Summary
    FatFs versions prior to R0.16 that use GPT scanning with 'FF_LBA64 = 1' contain an issue where the loop count is taken, unbounded, from the GPT header field GPTH_PtNum, enabling extremely long or effectively infinite mount-time scans. This maps to CWE-835 (Loop with Unreachable Exit Condition). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (4.6, Medium). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Partial.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-835 - Loop with unreachable exit condition ('infinite loop')
    Assigner
    Impacted products
    Vendor Product Version
    ChaN FatFs Affected: 0 , < R0.16 (custom)
    Date Public
    2026-07-01 13:00
    Credits
    HD Moore of runZero, Inc. Tod Beardsley of runZero, Inc.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6684",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:25:35.369745Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:25:53.071Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/runZeroInc/vulns-2026-fatfs-chance"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FatFs",
              "vendor": "ChaN",
              "versions": [
                {
                  "lessThan": "R0.16",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "HD Moore of runZero, Inc."
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Tod Beardsley of runZero, Inc."
            }
          ],
          "datePublic": "2026-07-01T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eFatFs prior to R0.16 that use GPT scanning with \u0027FF_LBA64 = 1\u0027 contains an issue where an unbounded loop count derived from GPT header field GPTH_PtNum, enabling extremely long or effectively infinite mount-time scans. This maps to CWE-835 (Loop with Unreachable Exit Condition). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (4.6, Medium). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Partial.\u003cbr\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "FatFs prior to R0.16 that use GPT scanning with \u0027FF_LBA64 = 1\u0027 contains an issue where an unbounded loop count derived from GPT header field GPTH_PtNum, enabling extremely long or effectively infinite mount-time scans. This maps to CWE-835 (Loop with Unreachable Exit Condition). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (4.6, Medium). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Partial."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "CWE-835 Loop with unreachable exit condition (\u0027infinite loop\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:10:58.544Z",
            "orgId": "44488dab-36db-4358-99f9-bc116477f914",
            "shortName": "runZero"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.runzero.com/blog/fatfs-bugs/"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://github.com/runZeroInc/vulns-2026-fatfs-chance"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://elm-chan.org/fsw/ff/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.runzero.com/advisories/fatfs-gpt-scan-loop-dos-cve-2026-6684/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "FatFs Infinite Loop in GPT Partition Scan",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44488dab-36db-4358-99f9-bc116477f914",
        "assignerShortName": "runZero",
        "cveId": "CVE-2026-6684",
        "datePublished": "2026-07-01T13:45:03.639Z",
        "dateReserved": "2026-04-20T15:06:20.061Z",
        "dateUpdated": "2026-07-01T15:25:53.071Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6683 (GCVE-0-2026-6683)

    Vulnerability from cvelistv5 – Published: 2026-07-01 13:41 – Updated: 2026-07-01 15:24
    Title
    FatFs Divide-by-Zero in exFAT Sync
    Summary
    FatFs R0.16 and earlier contains a divide-by-zero bug in its exFAT sync logic, triggered when crafted metadata causes n_fatent - 2 to be zero during write/sync operations. This maps to CWE-369 (Divide By Zero). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (4.6, Medium). Network-delivered update media can make this remote in some pipelines. The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Partial.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    ChaN FatFs Affected: 0 , ≤ R0.16 (custom)
    Create a notification for this product.
    Date Public
    2026-07-01 13:00
    Credits
    HD Moore of runZero, Inc. Tod Beardsley of runZero, Inc.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6683",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:24:38.147110Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:24:56.449Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/runZeroInc/vulns-2026-fatfs-chance"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FatFs",
              "vendor": "ChaN",
              "versions": [
                {
                  "lessThanOrEqual": "R0.16",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "HD Moore of runZero, Inc."
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Tod Beardsley of runZero, Inc."
            }
          ],
          "datePublic": "2026-07-01T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "FatFs R0.16 and earlier contains a divide-by-zero in exFAT sync logic bug when crafted metadata causes n_fatent - 2 to be zero during write/sync operations. This maps to CWE-369 (Divide By Zero). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (4.6, Medium). Network-delivered update media can make this remote in some pipelines. The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Partial."
                }
              ],
              "value": "FatFs R0.16 and earlier contains a divide-by-zero in exFAT sync logic bug when crafted metadata causes n_fatent - 2 to be zero during write/sync operations. This maps to CWE-369 (Divide By Zero). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (4.6, Medium). Network-delivered update media can make this remote in some pipelines. The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Partial."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-369",
                  "description": "CWE-369 Divide by zero",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:11:06.688Z",
            "orgId": "44488dab-36db-4358-99f9-bc116477f914",
            "shortName": "runZero"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.runzero.com/blog/fatfs-bugs/"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://github.com/runZeroInc/vulns-2026-fatfs-chance"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://elm-chan.org/fsw/ff/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.runzero.com/advisories/fatfs-exfat-divide-by-zero-cve-2026-6683"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "FatFs Divide-by-Zero in exFAT Sync",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44488dab-36db-4358-99f9-bc116477f914",
        "assignerShortName": "runZero",
        "cveId": "CVE-2026-6683",
        "datePublished": "2026-07-01T13:41:11.337Z",
        "dateReserved": "2026-04-20T15:06:19.048Z",
        "dateUpdated": "2026-07-01T15:24:56.449Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6682 (GCVE-0-2026-6682)

    Vulnerability from cvelistv5 – Published: 2026-07-01 13:36 – Updated: 2026-07-01 15:24
    VLAI
    Title
    FatFs Integer Overflow in FAT32 Volume Mount
    Summary
    FatFs R0.16 and earlier contains a FAT32 integer overflow bug in mount_volume(), where fasize *= fs->n_fats can wrap, leading to attacker-controlled file-size metadata and unsafe read lengths in downstream callers. This maps to CWE-190 (Integer Overflow or Wraparound). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (7.6, High). Remote delivery is also possible in OTA/update pipelines. The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer overflow or wraparound
    Assigner
    Impacted products
    Vendor Product Version
    ChaN FatFs Affected: 0 , ≤ R0.16 (custom)
    Create a notification for this product.
    Date Public
    2026-07-01 13:00
    Credits
    HD Moore of runZero, Inc. Tod Beardsley of runZero, Inc.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6682",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:23:46.354718Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:24:05.860Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/runZeroInc/vulns-2026-fatfs-chance"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FatFs",
              "vendor": "ChaN",
              "versions": [
                {
                  "lessThanOrEqual": "R0.16",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "HD Moore of runZero, Inc."
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Tod Beardsley of runZero, Inc."
            }
          ],
          "datePublic": "2026-07-01T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "FatFS R0.16 and earlier contains a FAT32 integer overflow bug in mount_volume() where fasize *= fs-\u0026gt;n_fats can wrap, leading to attacker-controlled file-size metadata and unsafe read lengths in downstream callers. This maps to CWE-190 (Integer Overflow or Wraparound). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (7.6, High). Remote delivery is also possible in OTA/update pipelines. The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total."
                }
              ],
              "value": "FatFS R0.16 and earlier contains a FAT32 integer overflow bug in mount_volume() where fasize *= fs-\u003en_fats can wrap, leading to attacker-controlled file-size metadata and unsafe read lengths in downstream callers. This maps to CWE-190 (Integer Overflow or Wraparound). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (7.6, High). Remote delivery is also possible in OTA/update pipelines. The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190 Integer overflow or wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:11:14.785Z",
            "orgId": "44488dab-36db-4358-99f9-bc116477f914",
            "shortName": "runZero"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.runzero.com/blog/fatfs-bugs/"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://github.com/runZeroInc/vulns-2026-fatfs-chance"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://elm-chan.org/fsw/ff/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.runzero.com/advisories/fatfs-fat32-int-of-mnt-cve-2026-6682/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "FatFs Integer Overflow in FAT32 Volume Mount",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44488dab-36db-4358-99f9-bc116477f914",
        "assignerShortName": "runZero",
        "cveId": "CVE-2026-6682",
        "datePublished": "2026-07-01T13:36:59.935Z",
        "dateReserved": "2026-04-20T15:06:18.243Z",
        "dateUpdated": "2026-07-01T15:24:05.860Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }