Search criteria
18 vulnerabilities found for nuttx by apache
CVE-2025-48769 (GCVE-0-2025-48769)
Vulnerability from nvd – Published: 2026-01-01 16:14 – Updated: 2026-01-05 20:07
VLAI?
Title
Apache NuttX RTOS: fs/vfs/fs_rename: use after free
Summary
Use After Free vulnerability was discovered in fs/vfs/fs_rename code of the Apache NuttX RTOS, that due recursive implementation and single buffer use by two different pointer variables allowed arbitrary user provided size buffer reallocation and write to the previously freed heap chunk, that in specific cases could cause unintended virtual filesystem rename/move operation results.
This issue affects Apache NuttX RTOS: from 7.20 before 12.11.0.
Users of virtual filesystem based services with write access especially when exposed over the network (i.e. FTP) are affected and recommended to upgrade to version 12.11.0 that fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache NuttX RTOS |
Affected:
7.20 , < 12.11.0
(semver)
|
Credits
Liu, Richard Jiayang <rjliu3@illinois.edu>
Liu, Richard Jiayang <rjliu3@illinois.edu>
Tomek CEDRO <cederom@apache.org>
Xiang Xiao <xiaoxiang@apache.org>
Jiuzhu Dong <jiuzhudong@apache.org>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-01-01T17:07:57.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/12/31/11"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-48769",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-05T20:06:45.981815Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T20:07:09.425Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache NuttX RTOS",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "12.11.0",
"status": "affected",
"version": "7.20",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Liu, Richard Jiayang \u003crjliu3@illinois.edu\u003e"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Liu, Richard Jiayang \u003crjliu3@illinois.edu\u003e"
},
{
"lang": "en",
"type": "coordinator",
"value": "Tomek CEDRO \u003ccederom@apache.org\u003e"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Xiang Xiao \u003cxiaoxiang@apache.org\u003e"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Jiuzhu Dong \u003cjiuzhudong@apache.org\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUse After Free vulnerability was discovered in fs/vfs/fs_rename code of the Apache NuttX RTOS, that due recursive implementation and single buffer use by two different pointer variables allowed arbitrary user provided size buffer reallocation and write to the previously freed heap chunk, that in specific cases could cause unintended virtual filesystem rename/move operation results.\u003c/p\u003e\u003cp\u003eThis issue affects Apache NuttX RTOS: from 7.20 before 12.11.0.\u003c/p\u003e\u003cp\u003eUsers of virtual filesystem based services with write access especially when exposed over the network (i.e. FTP) are affected and recommended to upgrade to version 12.11.0 that fixes the issue.\u003c/p\u003e"
}
],
"value": "Use After Free vulnerability was discovered in fs/vfs/fs_rename code of the Apache NuttX RTOS, that due recursive implementation and single buffer use by two different pointer variables allowed arbitrary user provided size buffer reallocation and write to the previously freed heap chunk, that in specific cases could cause unintended virtual filesystem rename/move operation results.\n\nThis issue affects Apache NuttX RTOS: from 7.20 before 12.11.0.\n\nUsers of virtual filesystem based services with write access especially when exposed over the network (i.e. FTP) are affected and recommended to upgrade to version 12.11.0 that fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-01T16:14:33.415Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/nuttx/pull/16455"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/7m83v11ldfq7bvw72n9t5sccocczocjn"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache NuttX RTOS: fs/vfs/fs_rename: use after free",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-48769",
"datePublished": "2026-01-01T16:14:33.415Z",
"dateReserved": "2025-05-26T01:39:04.334Z",
"dateUpdated": "2026-01-05T20:07:09.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48768 (GCVE-0-2025-48768)
Vulnerability from nvd – Published: 2026-01-01 16:14 – Updated: 2026-01-05 20:06
VLAI?
Title
Apache NuttX RTOS: fs/inode: fs_inoderemove root inode removal
Summary
Release of Invalid Pointer or Reference vulnerability was discovered in fs/inode/fs_inoderemove code of the Apache NuttX RTOS that allowed root filesystem inode removal leading to a debug assert trigger (that is disabled by default), NULL pointer dereference (handled differently depending on the target architecture), or in general, a Denial of Service.
This issue affects Apache NuttX RTOS: from 10.0.0 before 12.10.0.
Users of filesystem based services with write access that were exposed over the network (i.e. FTP) are affected and recommended to upgrade to version 12.10.0 that fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-763 - Release of Invalid Pointer or Reference
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache NuttX RTOS |
Affected:
10.0.0 , < 12.10.0
(semver)
|
Credits
Liu, Richard Jiayang <rjliu3@illinois.edu>
Liu, Richard Jiayang <rjliu3@illinois.edu>
Alan Carvalho de Assis <acassis@apache.org>
Tomek CEDRO <cederom@apache.org>
Xiang Xiao <xiaoxiang@apache.org>
Jiuzhu Dong <jiuzhudong@apache.org>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-01-01T17:07:55.346Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/12/31/10"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-48768",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-05T20:05:18.959542Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T20:06:13.296Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache NuttX RTOS",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "12.10.0",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Liu, Richard Jiayang \u003crjliu3@illinois.edu\u003e"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Liu, Richard Jiayang \u003crjliu3@illinois.edu\u003e"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Alan Carvalho de Assis \u003cacassis@apache.org\u003e"
},
{
"lang": "en",
"type": "coordinator",
"value": "Tomek CEDRO \u003ccederom@apache.org\u003e"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Xiang Xiao \u003cxiaoxiang@apache.org\u003e"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Jiuzhu Dong \u003cjiuzhudong@apache.org\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRelease of Invalid Pointer or Reference vulnerability was discovered in\u0026nbsp;fs/inode/fs_inoderemove\u0026nbsp;code of the Apache NuttX RTOS that allowed root filesystem inode removal leading to a debug assert trigger (that is disabled by default), NULL pointer dereference (handled differently depending on the target architecture), or in general, a Denial of Service.\u003c/p\u003e\u003cp\u003eThis issue affects Apache NuttX RTOS: from 10.0.0 before 12.10.0.\u003c/p\u003e\u003cp\u003eUsers of filesystem based services with write access that were exposed over the network (i.e. FTP) are affected and recommended to upgrade to version 12.10.0 that fixes the issue.\u003c/p\u003e"
}
],
"value": "Release of Invalid Pointer or Reference vulnerability was discovered in\u00a0fs/inode/fs_inoderemove\u00a0code of the Apache NuttX RTOS that allowed root filesystem inode removal leading to a debug assert trigger (that is disabled by default), NULL pointer dereference (handled differently depending on the target architecture), or in general, a Denial of Service.\n\nThis issue affects Apache NuttX RTOS: from 10.0.0 before 12.10.0.\n\nUsers of filesystem based services with write access that were exposed over the network (i.e. FTP) are affected and recommended to upgrade to version 12.10.0 that fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-763",
"description": "CWE-763 Release of Invalid Pointer or Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-01T16:14:00.837Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/nuttx/pull/16437"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/nwo1kd08b7t3dyz082q2pghdxwvxwyvo"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache NuttX RTOS: fs/inode: fs_inoderemove root inode removal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-48768",
"datePublished": "2026-01-01T16:14:00.837Z",
"dateReserved": "2025-05-26T00:41:34.307Z",
"dateUpdated": "2026-01-05T20:06:13.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-47869 (GCVE-0-2025-47869)
Vulnerability from nvd – Published: 2025-06-16 11:00 – Updated: 2025-06-16 16:10
VLAI?
Title
Apache NuttX RTOS: examples/xmlrpc: Fix calls buffers size.
Summary
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability was discovered in Apache NuttX RTOS apps/exapmles/xmlrpc application. In this example application device stats structure that stored remotely provided parameters had hardcoded buffer size which could lead to buffer overflow. Structure members buffers were updated to valid size of CONFIG_XMLRPC_STRINGSIZE+1.
This issue affects Apache NuttX RTOS users that may have used or base their code on example application as presented in releases from 6.22 before 12.9.0.
Users of XMLRPC in Apache NuttX RTOS are advised to review their code
for this pattern and update buffer sizes as presented in the version of
the example in release 12.9.0.
Severity ?
No CVSS data available.
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache NuttX RTOS |
Affected:
6.22 , < 12.9.0
(semver)
|
Credits
Chánh Phạm <chanhphamviet@gmail.com>
Arnout Engelen <engelen@apache.org>
Tomek CEDRO <tomek@cedro.info>
Alan Carvalho de Assis <acassis@gmail.com>
Alin Jerpelea <jerpelea@gmail.com>
Lee, Lup Yuen <luppy@appkaki.com>
Xiang Xiao <xiaoxiang781216@gmail.com>
JianyuWang <wangjianyu3@xiaomi.com>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-06-16T11:04:46.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/06/14/2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-47869",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-16T16:09:35.371926Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T16:10:04.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache NuttX RTOS",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "12.9.0",
"status": "affected",
"version": "6.22",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Ch\u00e1nh Ph\u1ea1m \u003cchanhphamviet@gmail.com\u003e"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Arnout Engelen \u003cengelen@apache.org\u003e"
},
{
"lang": "en",
"type": "coordinator",
"value": "Tomek CEDRO \u003ctomek@cedro.info\u003e"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Alan Carvalho de Assis \u003cacassis@gmail.com\u003e"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Alin Jerpelea \u003cjerpelea@gmail.com\u003e"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Lee, Lup Yuen \u003cluppy@appkaki.com\u003e"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Xiang Xiao \u003cxiaoxiang781216@gmail.com\u003e"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "JianyuWang \u003cwangjianyu3@xiaomi.com\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Restriction of Operations within the Bounds of a Memory Buffer vulnerability was discovered in Apache NuttX RTOS apps/exapmles/xmlrpc application. In this example application device stats structure that stored remotely provided parameters had hardcoded buffer size which could lead to buffer overflow. Structure members buffers were updated to valid size of CONFIG_XMLRPC_STRINGSIZE+1.\u003c/p\u003e\u003cp\u003eThis issue affects Apache NuttX RTOS users that may have used or base their code on example application as presented in releases from 6.22 before 12.9.0.\u003c/p\u003e\u003cp\u003eUsers of XMLRPC in Apache NuttX RTOS are advised to review their code \nfor this pattern and update buffer sizes as presented in the version of \nthe example in release 12.9.0.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability was discovered in Apache NuttX RTOS apps/exapmles/xmlrpc application. In this example application device stats structure that stored remotely provided parameters had hardcoded buffer size which could lead to buffer overflow. Structure members buffers were updated to valid size of CONFIG_XMLRPC_STRINGSIZE+1.\n\nThis issue affects Apache NuttX RTOS users that may have used or base their code on example application as presented in releases from 6.22 before 12.9.0.\n\nUsers of XMLRPC in Apache NuttX RTOS are advised to review their code \nfor this pattern and update buffer sizes as presented in the version of \nthe example in release 12.9.0."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T11:00:37.755Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/nuttx-apps/pull/3027"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/306qcqyc3bpb2ozh015yxjo9kqs4jbvj"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache NuttX RTOS: examples/xmlrpc: Fix calls buffers size.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-47869",
"datePublished": "2025-06-16T11:00:37.755Z",
"dateReserved": "2025-05-12T19:31:51.478Z",
"dateUpdated": "2025-06-16T16:10:04.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47868 (GCVE-0-2025-47868)
Vulnerability from nvd – Published: 2025-06-16 11:00 – Updated: 2025-06-16 16:12
VLAI?
Title
Apache NuttX RTOS: tools/bdf-converter.: tools/bdf-converter: Fix loop termination condition.
Summary
Out-of-bounds Write resulting in possible Heap-based Buffer Overflow vulnerability was discovered in tools/bdf-converter font conversion utility that is part of Apache NuttX RTOS repository. This standalone program is optional and neither part of NuttX RTOS nor Applications runtime, but active bdf-converter users may be affected when this tool is exposed to external provided user data data (i.e. publicly available automation).
This issue affects Apache NuttX: from 6.9 before 12.9.0.
Users are recommended to upgrade to version 12.9.0, which fixes the issue.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache NuttX RTOS: tools/bdf-converter. |
Affected:
6.9 , < 12.9.0
(semver)
|
Credits
Chánh Phạm <chanhphamviet@gmail.com>
Nathan Hartman <hartman.nathan@gmail.com>
Tomek CEDRO <tomek@cedro.info>
Alan Carvalho de Assis <acassis@gmail.com>
Alin Jerpelea <jerpelea@gmail.com>
Lee, Lup Yuen <luppy@appkaki.com>
Arnout Engelen <engelen@apache.org>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-06-16T11:04:43.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/06/14/1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-47868",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-16T16:11:29.902284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T16:12:13.504Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache NuttX RTOS: tools/bdf-converter.",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "12.9.0",
"status": "affected",
"version": "6.9",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ch\u00e1nh Ph\u1ea1m \u003cchanhphamviet@gmail.com\u003e"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Nathan Hartman \u003chartman.nathan@gmail.com\u003e"
},
{
"lang": "en",
"type": "coordinator",
"value": "Tomek CEDRO \u003ctomek@cedro.info\u003e"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Alan Carvalho de Assis \u003cacassis@gmail.com\u003e"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Alin Jerpelea \u003cjerpelea@gmail.com\u003e"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Lee, Lup Yuen \u003cluppy@appkaki.com\u003e"
},
{
"lang": "en",
"type": "coordinator",
"value": "Arnout Engelen \u003cengelen@apache.org\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOut-of-bounds Write resulting in possible Heap-based Buffer Overflow vulnerability was discovered in tools/bdf-converter font conversion utility that is part of Apache NuttX RTOS repository. This standalone program is optional and neither part of NuttX RTOS nor Applications runtime, but active bdf-converter users may be affected when this tool is exposed to external provided user data data (i.e. publicly available automation).\u003c/p\u003e\u003cp\u003eThis issue affects Apache NuttX: from 6.9 before 12.9.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 12.9.0, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Out-of-bounds Write resulting in possible Heap-based Buffer Overflow vulnerability was discovered in tools/bdf-converter font conversion utility that is part of Apache NuttX RTOS repository. This standalone program is optional and neither part of NuttX RTOS nor Applications runtime, but active bdf-converter users may be affected when this tool is exposed to external provided user data data (i.e. publicly available automation).\n\nThis issue affects Apache NuttX: from 6.9 before 12.9.0.\n\nUsers are recommended to upgrade to version 12.9.0, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T11:00:05.293Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/nuttx/pull/16000"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/p4o2lcqgspx3ws1n2p4wmoqbqow1w1pw"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache NuttX RTOS: tools/bdf-converter.: tools/bdf-converter: Fix loop termination condition.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-47868",
"datePublished": "2025-06-16T11:00:05.293Z",
"dateReserved": "2025-05-12T19:31:40.456Z",
"dateUpdated": "2025-06-16T16:12:13.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-35003 (GCVE-0-2025-35003)
Vulnerability from nvd – Published: 2025-05-26 10:03 – Updated: 2025-05-28 03:56
VLAI?
Title
Apache NuttX RTOS: NuttX Bluetooth Stack HCI and UART DoS/RCE Vulnerabilities.
Summary
Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components) that may result in system crash, denial of service, or arbitrary code execution, after receiving maliciously crafted packets.
NuttX's Bluetooth HCI/UART stack users are advised to upgrade to version 12.9.0, which fixes the identified implementation issues.
This issue affects Apache NuttX: from 7.25 before 12.9.0.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache NuttX RTOS |
Affected:
7.25 , < 12.9.0
(semver)
|
Credits
Chongqing Lei <leicq@seu.edu.cn>
Zhen Ling <zhenling@seu.edu.cn>
Chongqing Lei <leicq@seu.edu.cn>
Tomek CEDRO <tomek@cedro.info>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-05-26T10:47:55.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/05/26/1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-35003",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T03:56:07.159Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache NuttX RTOS",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "12.9.0",
"status": "affected",
"version": "7.25",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Chongqing Lei \u003cleicq@seu.edu.cn\u003e"
},
{
"lang": "en",
"type": "reporter",
"value": "Zhen Ling \u003czhenling@seu.edu.cn\u003e"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Chongqing Lei \u003cleicq@seu.edu.cn\u003e"
},
{
"lang": "en",
"type": "coordinator",
"value": "Tomek CEDRO \u003ctomek@cedro.info\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components) that may result in system crash, denial of service, or arbitrary code execution, after receiving maliciously crafted packets.\u003c/p\u003e\u003cp\u003eNuttX\u0027s Bluetooth HCI/UART stack users are advised to upgrade to version 12.9.0, which fixes the identified implementation issues.\u003c/p\u003e\u003cp\u003eThis issue affects Apache NuttX: from 7.25 before 12.9.0. \u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components) that may result in system crash, denial of service, or arbitrary code execution, after receiving maliciously crafted packets.\n\nNuttX\u0027s Bluetooth HCI/UART stack users are advised to upgrade to version 12.9.0, which fixes the identified implementation issues.\n\nThis issue affects Apache NuttX: from 7.25 before 12.9.0."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-26T10:03:06.808Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/nuttx/pull/16179"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/k4xzz3jhkx48zxw9vwmqrmm4hmg78vsj"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache NuttX RTOS: NuttX Bluetooth Stack HCI and UART DoS/RCE Vulnerabilities.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-35003",
"datePublished": "2025-05-26T10:03:06.808Z",
"dateReserved": "2025-04-15T20:10:33.989Z",
"dateUpdated": "2025-05-28T03:56:07.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26461 (GCVE-0-2021-26461)
Vulnerability from nvd – Published: 2021-06-21 17:10 – Updated: 2024-08-03 20:26
VLAI?
Title
malloc, realloc and memalign implementations are vulnerable to integer wrap-arounds
Summary
Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
Severity ?
No CVSS data available.
CWE
- CWE-190 - INTEGER OVERFLOW OR WRAPAROUND CWE-190
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache NuttX |
Affected:
Apache NuttX , < 10.1.0
(custom)
|
Credits
Apache NuttX would like to thank Omri Ben-Bassat of Section 52 at Azure Defender for IoT of Microsoft Corp for bringing this issue to our attention.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r806fccf8b003ae812d807c6c7d97950d44ed29b2713418cbe3f2bddd%40%3Cdev.nuttx.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
" INTEGER OVERFLOW OR WRAPAROUND CWE-190"
],
"product": "Apache NuttX",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "10.1.0",
"status": "affected",
"version": "Apache NuttX",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Apache NuttX would like to thank Omri Ben-Bassat of Section 52 at Azure Defender for IoT of Microsoft Corp for bringing this issue to our attention."
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "INTEGER OVERFLOW OR WRAPAROUND CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-21T17:10:10",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r806fccf8b003ae812d807c6c7d97950d44ed29b2713418cbe3f2bddd%40%3Cdev.nuttx.apache.org%3E"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "malloc, realloc and memalign implementations are vulnerable to integer wrap-arounds",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "BadAlloc",
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-26461",
"STATE": "PUBLIC",
"TITLE": "malloc, realloc and memalign implementations are vulnerable to integer wrap-arounds"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache NuttX",
"version": {
"version_data": [
{
"platform": " INTEGER OVERFLOW OR WRAPAROUND CWE-190",
"version_affected": "\u003c",
"version_name": "Apache NuttX",
"version_value": "10.1.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Apache NuttX would like to thank Omri Ben-Bassat of Section 52 at Azure Defender for IoT of Microsoft Corp for bringing this issue to our attention."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "INTEGER OVERFLOW OR WRAPAROUND CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/r806fccf8b003ae812d807c6c7d97950d44ed29b2713418cbe3f2bddd%40%3Cdev.nuttx.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r806fccf8b003ae812d807c6c7d97950d44ed29b2713418cbe3f2bddd%40%3Cdev.nuttx.apache.org%3E"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-26461",
"datePublished": "2021-06-21T17:10:11",
"dateReserved": "2021-01-30T00:00:00",
"dateUpdated": "2024-08-03T20:26:25.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-17529 (GCVE-0-2020-17529)
Vulnerability from nvd – Published: 2020-12-09 16:35 – Updated: 2025-02-13 16:27
VLAI?
Title
Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header
Summary
Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying and invalid fragmentation offset value specified in the IP header. This is only impacts builds with both CONFIG_EXPERIMENTAL and CONFIG_NET_TCP_REASSEMBLY build flags enabled.
Severity ?
No CVSS data available.
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache NuttX (incubating) |
Affected:
unspecified , ≤ 9.1.0
(custom)
Affected: 10.0.0 |
Credits
Apache NuttX would like to thank Forescout for reporting the issue
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:00:48.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4d71ae3ab96b589835b94ba7ac4cb88a704e7307bceefeab749366f3%40%3Cdev.nuttx.apache.org%3E"
},
{
"name": "[nuttx-dev] 20201209 CVE-2020-17529: Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4d71ae3ab96b589835b94ba7ac4cb88a704e7307bceefeab749366f3%40%3Cdev.nuttx.apache.org%3E"
},
{
"name": "[oss-security] 20201209 CVE-2020-17529: Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/09/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache NuttX (incubating)",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "9.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "10.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Apache NuttX would like to thank Forescout for reporting the issue"
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying and invalid fragmentation offset value specified in the IP header. This is only impacts builds with both CONFIG_EXPERIMENTAL and CONFIG_NET_TCP_REASSEMBLY build flags enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-04T14:01:40.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r4d71ae3ab96b589835b94ba7ac4cb88a704e7307bceefeab749366f3%40%3Cdev.nuttx.apache.org%3E"
},
{
"name": "[nuttx-dev] 20201209 CVE-2020-17529: Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4d71ae3ab96b589835b94ba7ac4cb88a704e7307bceefeab749366f3%40%3Cdev.nuttx.apache.org%3E"
},
{
"name": "[oss-security] 20201209 CVE-2020-17529: Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/09/5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "AMNESIA:33 CVE-2020-17438",
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-17529",
"STATE": "PUBLIC",
"TITLE": "Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache NuttX (incubating)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "9.1.0"
},
{
"version_affected": "=",
"version_value": "10.0.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Apache NuttX would like to thank Forescout for reporting the issue"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying and invalid fragmentation offset value specified in the IP header. This is only impacts builds with both CONFIG_EXPERIMENTAL and CONFIG_NET_TCP_REASSEMBLY build flags enabled."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/r4d71ae3ab96b589835b94ba7ac4cb88a704e7307bceefeab749366f3%40%3Cdev.nuttx.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r4d71ae3ab96b589835b94ba7ac4cb88a704e7307bceefeab749366f3%40%3Cdev.nuttx.apache.org%3E"
},
{
"name": "[nuttx-dev] 20201209 CVE-2020-17529: Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4d71ae3ab96b589835b94ba7ac4cb88a704e7307bceefeab749366f3@%3Cdev.nuttx.apache.org%3E"
},
{
"name": "[oss-security] 20201209 CVE-2020-17529: Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/12/09/5"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2020-17529",
"datePublished": "2020-12-09T16:35:14.000Z",
"dateReserved": "2020-08-12T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:27:37.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-17528 (GCVE-0-2020-17528)
Vulnerability from nvd – Published: 2020-12-09 16:35 – Updated: 2025-02-13 16:27
VLAI?
Title
Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length
Summary
Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets including beyond the length of the packet.
Severity ?
No CVSS data available.
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache NuttX (incubating) |
Affected:
unspecified , < 9.1.1
(custom)
Affected: 10.0.0 |
Credits
Apache NuttX would like to thank Forescout for reporting the issue
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:00:48.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7f4215aba288660b41b7e731b6262c8275fa476e91e527a74d2888ea%40%3Cdev.nuttx.apache.org%3E"
},
{
"name": "[nuttx-dev] 20201209 CVE-2020-17528: Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7f4215aba288660b41b7e731b6262c8275fa476e91e527a74d2888ea%40%3Cdev.nuttx.apache.org%3E"
},
{
"name": "[oss-security] 20201209 CVE-2020-17528: Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/09/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache NuttX (incubating)",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "9.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "10.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Apache NuttX would like to thank Forescout for reporting the issue"
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets including beyond the length of the packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-04T14:01:40.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r7f4215aba288660b41b7e731b6262c8275fa476e91e527a74d2888ea%40%3Cdev.nuttx.apache.org%3E"
},
{
"name": "[nuttx-dev] 20201209 CVE-2020-17528: Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7f4215aba288660b41b7e731b6262c8275fa476e91e527a74d2888ea%40%3Cdev.nuttx.apache.org%3E"
},
{
"name": "[oss-security] 20201209 CVE-2020-17528: Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/09/4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "AMNESIA:33 CVE-2020-17437",
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-17528",
"STATE": "PUBLIC",
"TITLE": "Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache NuttX (incubating)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "9.1.1"
},
{
"version_affected": "=",
"version_value": "10.0.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Apache NuttX would like to thank Forescout for reporting the issue"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets including beyond the length of the packet."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/r7f4215aba288660b41b7e731b6262c8275fa476e91e527a74d2888ea%40%3Cdev.nuttx.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r7f4215aba288660b41b7e731b6262c8275fa476e91e527a74d2888ea%40%3Cdev.nuttx.apache.org%3E"
},
{
"name": "[nuttx-dev] 20201209 CVE-2020-17528: Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7f4215aba288660b41b7e731b6262c8275fa476e91e527a74d2888ea@%3Cdev.nuttx.apache.org%3E"
},
{
"name": "[oss-security] 20201209 CVE-2020-17528: Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/12/09/4"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2020-17528",
"datePublished": "2020-12-09T16:35:13.000Z",
"dateReserved": "2020-08-12T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:27:37.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1939 (GCVE-0-2020-1939)
Vulnerability from nvd – Published: 2020-05-12 14:57 – Updated: 2024-08-04 06:54
VLAI?
Summary
The Apache NuttX (Incubating) project provides an optional separate "apps" repository which contains various optional components and example programs. One of these, ftpd, had a NULL pointer dereference bug. The NuttX RTOS itself is not affected. Users of the optional apps repository are affected only if they have enabled ftpd. Versions 6.15 to 8.2 are affected.
Severity ?
No CVSS data available.
CWE
- NULL Pointer Dereference
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Apache NuttX (incubating) |
Affected:
Apache NuttX (incubating) 6.15 to 8.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:54:00.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re3adc65ff4d8d9c34e5bccba3941a28cbb0a47191c150df2727e101d%40%3Cdev.nuttx.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache NuttX (incubating)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Apache NuttX (incubating) 6.15 to 8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Apache NuttX (Incubating) project provides an optional separate \"apps\" repository which contains various optional components and example programs. One of these, ftpd, had a NULL pointer dereference bug. The NuttX RTOS itself is not affected. Users of the optional apps repository are affected only if they have enabled ftpd. Versions 6.15 to 8.2 are affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-12T14:57:55",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/re3adc65ff4d8d9c34e5bccba3941a28cbb0a47191c150df2727e101d%40%3Cdev.nuttx.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-1939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache NuttX (incubating)",
"version": {
"version_data": [
{
"version_value": "Apache NuttX (incubating) 6.15 to 8.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Apache NuttX (Incubating) project provides an optional separate \"apps\" repository which contains various optional components and example programs. One of these, ftpd, had a NULL pointer dereference bug. The NuttX RTOS itself is not affected. Users of the optional apps repository are affected only if they have enabled ftpd. Versions 6.15 to 8.2 are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/re3adc65ff4d8d9c34e5bccba3941a28cbb0a47191c150df2727e101d%40%3Cdev.nuttx.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/re3adc65ff4d8d9c34e5bccba3941a28cbb0a47191c150df2727e101d%40%3Cdev.nuttx.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2020-1939",
"datePublished": "2020-05-12T14:57:55",
"dateReserved": "2019-12-02T00:00:00",
"dateUpdated": "2024-08-04T06:54:00.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48769 (GCVE-0-2025-48769)
Vulnerability from cvelistv5 – Published: 2026-01-01 16:14 – Updated: 2026-01-05 20:07
VLAI?
Title
Apache NuttX RTOS: fs/vfs/fs_rename: use after free
Summary
Use After Free vulnerability was discovered in fs/vfs/fs_rename code of the Apache NuttX RTOS, that due recursive implementation and single buffer use by two different pointer variables allowed arbitrary user provided size buffer reallocation and write to the previously freed heap chunk, that in specific cases could cause unintended virtual filesystem rename/move operation results.
This issue affects Apache NuttX RTOS: from 7.20 before 12.11.0.
Users of virtual filesystem based services with write access especially when exposed over the network (i.e. FTP) are affected and recommended to upgrade to version 12.11.0 that fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache NuttX RTOS |
Affected:
7.20 , < 12.11.0
(semver)
|
Credits
Liu, Richard Jiayang <rjliu3@illinois.edu>
Liu, Richard Jiayang <rjliu3@illinois.edu>
Tomek CEDRO <cederom@apache.org>
Xiang Xiao <xiaoxiang@apache.org>
Jiuzhu Dong <jiuzhudong@apache.org>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-01-01T17:07:57.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/12/31/11"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-48769",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-05T20:06:45.981815Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T20:07:09.425Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache NuttX RTOS",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "12.11.0",
"status": "affected",
"version": "7.20",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Liu, Richard Jiayang \u003crjliu3@illinois.edu\u003e"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Liu, Richard Jiayang \u003crjliu3@illinois.edu\u003e"
},
{
"lang": "en",
"type": "coordinator",
"value": "Tomek CEDRO \u003ccederom@apache.org\u003e"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Xiang Xiao \u003cxiaoxiang@apache.org\u003e"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Jiuzhu Dong \u003cjiuzhudong@apache.org\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUse After Free vulnerability was discovered in fs/vfs/fs_rename code of the Apache NuttX RTOS, that due recursive implementation and single buffer use by two different pointer variables allowed arbitrary user provided size buffer reallocation and write to the previously freed heap chunk, that in specific cases could cause unintended virtual filesystem rename/move operation results.\u003c/p\u003e\u003cp\u003eThis issue affects Apache NuttX RTOS: from 7.20 before 12.11.0.\u003c/p\u003e\u003cp\u003eUsers of virtual filesystem based services with write access especially when exposed over the network (i.e. FTP) are affected and recommended to upgrade to version 12.11.0 that fixes the issue.\u003c/p\u003e"
}
],
"value": "Use After Free vulnerability was discovered in fs/vfs/fs_rename code of the Apache NuttX RTOS, that due recursive implementation and single buffer use by two different pointer variables allowed arbitrary user provided size buffer reallocation and write to the previously freed heap chunk, that in specific cases could cause unintended virtual filesystem rename/move operation results.\n\nThis issue affects Apache NuttX RTOS: from 7.20 before 12.11.0.\n\nUsers of virtual filesystem based services with write access especially when exposed over the network (i.e. FTP) are affected and recommended to upgrade to version 12.11.0 that fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-01T16:14:33.415Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/nuttx/pull/16455"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/7m83v11ldfq7bvw72n9t5sccocczocjn"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache NuttX RTOS: fs/vfs/fs_rename: use after free",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-48769",
"datePublished": "2026-01-01T16:14:33.415Z",
"dateReserved": "2025-05-26T01:39:04.334Z",
"dateUpdated": "2026-01-05T20:07:09.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48768 (GCVE-0-2025-48768)
Vulnerability from cvelistv5 – Published: 2026-01-01 16:14 – Updated: 2026-01-05 20:06
VLAI?
Title
Apache NuttX RTOS: fs/inode: fs_inoderemove root inode removal
Summary
Release of Invalid Pointer or Reference vulnerability was discovered in fs/inode/fs_inoderemove code of the Apache NuttX RTOS that allowed root filesystem inode removal leading to a debug assert trigger (that is disabled by default), NULL pointer dereference (handled differently depending on the target architecture), or in general, a Denial of Service.
This issue affects Apache NuttX RTOS: from 10.0.0 before 12.10.0.
Users of filesystem based services with write access that were exposed over the network (i.e. FTP) are affected and recommended to upgrade to version 12.10.0 that fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-763 - Release of Invalid Pointer or Reference
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache NuttX RTOS |
Affected:
10.0.0 , < 12.10.0
(semver)
|
Credits
Liu, Richard Jiayang <rjliu3@illinois.edu>
Liu, Richard Jiayang <rjliu3@illinois.edu>
Alan Carvalho de Assis <acassis@apache.org>
Tomek CEDRO <cederom@apache.org>
Xiang Xiao <xiaoxiang@apache.org>
Jiuzhu Dong <jiuzhudong@apache.org>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-01-01T17:07:55.346Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/12/31/10"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-48768",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-05T20:05:18.959542Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T20:06:13.296Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache NuttX RTOS",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "12.10.0",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Liu, Richard Jiayang \u003crjliu3@illinois.edu\u003e"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Liu, Richard Jiayang \u003crjliu3@illinois.edu\u003e"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Alan Carvalho de Assis \u003cacassis@apache.org\u003e"
},
{
"lang": "en",
"type": "coordinator",
"value": "Tomek CEDRO \u003ccederom@apache.org\u003e"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Xiang Xiao \u003cxiaoxiang@apache.org\u003e"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Jiuzhu Dong \u003cjiuzhudong@apache.org\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRelease of Invalid Pointer or Reference vulnerability was discovered in\u0026nbsp;fs/inode/fs_inoderemove\u0026nbsp;code of the Apache NuttX RTOS that allowed root filesystem inode removal leading to a debug assert trigger (that is disabled by default), NULL pointer dereference (handled differently depending on the target architecture), or in general, a Denial of Service.\u003c/p\u003e\u003cp\u003eThis issue affects Apache NuttX RTOS: from 10.0.0 before 12.10.0.\u003c/p\u003e\u003cp\u003eUsers of filesystem based services with write access that were exposed over the network (i.e. FTP) are affected and recommended to upgrade to version 12.10.0 that fixes the issue.\u003c/p\u003e"
}
],
"value": "Release of Invalid Pointer or Reference vulnerability was discovered in\u00a0fs/inode/fs_inoderemove\u00a0code of the Apache NuttX RTOS that allowed root filesystem inode removal leading to a debug assert trigger (that is disabled by default), NULL pointer dereference (handled differently depending on the target architecture), or in general, a Denial of Service.\n\nThis issue affects Apache NuttX RTOS: from 10.0.0 before 12.10.0.\n\nUsers of filesystem based services with write access that were exposed over the network (i.e. FTP) are affected and recommended to upgrade to version 12.10.0 that fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-763",
"description": "CWE-763 Release of Invalid Pointer or Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-01T16:14:00.837Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/nuttx/pull/16437"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/nwo1kd08b7t3dyz082q2pghdxwvxwyvo"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache NuttX RTOS: fs/inode: fs_inoderemove root inode removal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-48768",
"datePublished": "2026-01-01T16:14:00.837Z",
"dateReserved": "2025-05-26T00:41:34.307Z",
"dateUpdated": "2026-01-05T20:06:13.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-47869 (GCVE-0-2025-47869)
Vulnerability from cvelistv5 – Published: 2025-06-16 11:00 – Updated: 2025-06-16 16:10
VLAI?
Title
Apache NuttX RTOS: examples/xmlrpc: Fix calls buffers size.
Summary
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability was discovered in Apache NuttX RTOS apps/exapmles/xmlrpc application. In this example application device stats structure that stored remotely provided parameters had hardcoded buffer size which could lead to buffer overflow. Structure members buffers were updated to valid size of CONFIG_XMLRPC_STRINGSIZE+1.
This issue affects Apache NuttX RTOS users that may have used or base their code on example application as presented in releases from 6.22 before 12.9.0.
Users of XMLRPC in Apache NuttX RTOS are advised to review their code
for this pattern and update buffer sizes as presented in the version of
the example in release 12.9.0.
Severity ?
No CVSS data available.
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache NuttX RTOS |
Affected:
6.22 , < 12.9.0
(semver)
|
Credits
Chánh Phạm <chanhphamviet@gmail.com>
Arnout Engelen <engelen@apache.org>
Tomek CEDRO <tomek@cedro.info>
Alan Carvalho de Assis <acassis@gmail.com>
Alin Jerpelea <jerpelea@gmail.com>
Lee, Lup Yuen <luppy@appkaki.com>
Xiang Xiao <xiaoxiang781216@gmail.com>
JianyuWang <wangjianyu3@xiaomi.com>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-06-16T11:04:46.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/06/14/2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-47869",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-16T16:09:35.371926Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T16:10:04.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache NuttX RTOS",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "12.9.0",
"status": "affected",
"version": "6.22",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Ch\u00e1nh Ph\u1ea1m \u003cchanhphamviet@gmail.com\u003e"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Arnout Engelen \u003cengelen@apache.org\u003e"
},
{
"lang": "en",
"type": "coordinator",
"value": "Tomek CEDRO \u003ctomek@cedro.info\u003e"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Alan Carvalho de Assis \u003cacassis@gmail.com\u003e"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Alin Jerpelea \u003cjerpelea@gmail.com\u003e"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Lee, Lup Yuen \u003cluppy@appkaki.com\u003e"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Xiang Xiao \u003cxiaoxiang781216@gmail.com\u003e"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "JianyuWang \u003cwangjianyu3@xiaomi.com\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Restriction of Operations within the Bounds of a Memory Buffer vulnerability was discovered in Apache NuttX RTOS apps/exapmles/xmlrpc application. In this example application device stats structure that stored remotely provided parameters had hardcoded buffer size which could lead to buffer overflow. Structure members buffers were updated to valid size of CONFIG_XMLRPC_STRINGSIZE+1.\u003c/p\u003e\u003cp\u003eThis issue affects Apache NuttX RTOS users that may have used or base their code on example application as presented in releases from 6.22 before 12.9.0.\u003c/p\u003e\u003cp\u003eUsers of XMLRPC in Apache NuttX RTOS are advised to review their code \nfor this pattern and update buffer sizes as presented in the version of \nthe example in release 12.9.0.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability was discovered in Apache NuttX RTOS apps/exapmles/xmlrpc application. In this example application device stats structure that stored remotely provided parameters had hardcoded buffer size which could lead to buffer overflow. Structure members buffers were updated to valid size of CONFIG_XMLRPC_STRINGSIZE+1.\n\nThis issue affects Apache NuttX RTOS users that may have used or base their code on example application as presented in releases from 6.22 before 12.9.0.\n\nUsers of XMLRPC in Apache NuttX RTOS are advised to review their code \nfor this pattern and update buffer sizes as presented in the version of \nthe example in release 12.9.0."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T11:00:37.755Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/nuttx-apps/pull/3027"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/306qcqyc3bpb2ozh015yxjo9kqs4jbvj"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache NuttX RTOS: examples/xmlrpc: Fix calls buffers size.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-47869",
"datePublished": "2025-06-16T11:00:37.755Z",
"dateReserved": "2025-05-12T19:31:51.478Z",
"dateUpdated": "2025-06-16T16:10:04.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47868 (GCVE-0-2025-47868)
Vulnerability from cvelistv5 – Published: 2025-06-16 11:00 – Updated: 2025-06-16 16:12
VLAI?
Title
Apache NuttX RTOS: tools/bdf-converter.: tools/bdf-converter: Fix loop termination condition.
Summary
Out-of-bounds Write resulting in possible Heap-based Buffer Overflow vulnerability was discovered in tools/bdf-converter font conversion utility that is part of Apache NuttX RTOS repository. This standalone program is optional and neither part of NuttX RTOS nor Applications runtime, but active bdf-converter users may be affected when this tool is exposed to external provided user data data (i.e. publicly available automation).
This issue affects Apache NuttX: from 6.9 before 12.9.0.
Users are recommended to upgrade to version 12.9.0, which fixes the issue.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache NuttX RTOS: tools/bdf-converter. |
Affected:
6.9 , < 12.9.0
(semver)
|
Credits
Chánh Phạm <chanhphamviet@gmail.com>
Nathan Hartman <hartman.nathan@gmail.com>
Tomek CEDRO <tomek@cedro.info>
Alan Carvalho de Assis <acassis@gmail.com>
Alin Jerpelea <jerpelea@gmail.com>
Lee, Lup Yuen <luppy@appkaki.com>
Arnout Engelen <engelen@apache.org>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-06-16T11:04:43.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/06/14/1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-47868",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-16T16:11:29.902284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T16:12:13.504Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache NuttX RTOS: tools/bdf-converter.",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "12.9.0",
"status": "affected",
"version": "6.9",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ch\u00e1nh Ph\u1ea1m \u003cchanhphamviet@gmail.com\u003e"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Nathan Hartman \u003chartman.nathan@gmail.com\u003e"
},
{
"lang": "en",
"type": "coordinator",
"value": "Tomek CEDRO \u003ctomek@cedro.info\u003e"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Alan Carvalho de Assis \u003cacassis@gmail.com\u003e"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Alin Jerpelea \u003cjerpelea@gmail.com\u003e"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Lee, Lup Yuen \u003cluppy@appkaki.com\u003e"
},
{
"lang": "en",
"type": "coordinator",
"value": "Arnout Engelen \u003cengelen@apache.org\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOut-of-bounds Write resulting in possible Heap-based Buffer Overflow vulnerability was discovered in tools/bdf-converter font conversion utility that is part of Apache NuttX RTOS repository. This standalone program is optional and neither part of NuttX RTOS nor Applications runtime, but active bdf-converter users may be affected when this tool is exposed to external provided user data data (i.e. publicly available automation).\u003c/p\u003e\u003cp\u003eThis issue affects Apache NuttX: from 6.9 before 12.9.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 12.9.0, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Out-of-bounds Write resulting in possible Heap-based Buffer Overflow vulnerability was discovered in tools/bdf-converter font conversion utility that is part of Apache NuttX RTOS repository. This standalone program is optional and neither part of NuttX RTOS nor Applications runtime, but active bdf-converter users may be affected when this tool is exposed to external provided user data data (i.e. publicly available automation).\n\nThis issue affects Apache NuttX: from 6.9 before 12.9.0.\n\nUsers are recommended to upgrade to version 12.9.0, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T11:00:05.293Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/nuttx/pull/16000"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/p4o2lcqgspx3ws1n2p4wmoqbqow1w1pw"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache NuttX RTOS: tools/bdf-converter.: tools/bdf-converter: Fix loop termination condition.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-47868",
"datePublished": "2025-06-16T11:00:05.293Z",
"dateReserved": "2025-05-12T19:31:40.456Z",
"dateUpdated": "2025-06-16T16:12:13.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-35003 (GCVE-0-2025-35003)
Vulnerability from cvelistv5 – Published: 2025-05-26 10:03 – Updated: 2025-05-28 03:56
VLAI?
Title
Apache NuttX RTOS: NuttX Bluetooth Stack HCI and UART DoS/RCE Vulnerabilities.
Summary
Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components) that may result in system crash, denial of service, or arbitrary code execution, after receiving maliciously crafted packets.
NuttX's Bluetooth HCI/UART stack users are advised to upgrade to version 12.9.0, which fixes the identified implementation issues.
This issue affects Apache NuttX: from 7.25 before 12.9.0.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache NuttX RTOS |
Affected:
7.25 , < 12.9.0
(semver)
|
Credits
Chongqing Lei <leicq@seu.edu.cn>
Zhen Ling <zhenling@seu.edu.cn>
Chongqing Lei <leicq@seu.edu.cn>
Tomek CEDRO <tomek@cedro.info>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-05-26T10:47:55.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/05/26/1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-35003",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T03:56:07.159Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache NuttX RTOS",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "12.9.0",
"status": "affected",
"version": "7.25",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Chongqing Lei \u003cleicq@seu.edu.cn\u003e"
},
{
"lang": "en",
"type": "reporter",
"value": "Zhen Ling \u003czhenling@seu.edu.cn\u003e"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Chongqing Lei \u003cleicq@seu.edu.cn\u003e"
},
{
"lang": "en",
"type": "coordinator",
"value": "Tomek CEDRO \u003ctomek@cedro.info\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components) that may result in system crash, denial of service, or arbitrary code execution, after receiving maliciously crafted packets.\u003c/p\u003e\u003cp\u003eNuttX\u0027s Bluetooth HCI/UART stack users are advised to upgrade to version 12.9.0, which fixes the identified implementation issues.\u003c/p\u003e\u003cp\u003eThis issue affects Apache NuttX: from 7.25 before 12.9.0. \u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components) that may result in system crash, denial of service, or arbitrary code execution, after receiving maliciously crafted packets.\n\nNuttX\u0027s Bluetooth HCI/UART stack users are advised to upgrade to version 12.9.0, which fixes the identified implementation issues.\n\nThis issue affects Apache NuttX: from 7.25 before 12.9.0."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-26T10:03:06.808Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/nuttx/pull/16179"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/k4xzz3jhkx48zxw9vwmqrmm4hmg78vsj"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache NuttX RTOS: NuttX Bluetooth Stack HCI and UART DoS/RCE Vulnerabilities.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-35003",
"datePublished": "2025-05-26T10:03:06.808Z",
"dateReserved": "2025-04-15T20:10:33.989Z",
"dateUpdated": "2025-05-28T03:56:07.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26461 (GCVE-0-2021-26461)
Vulnerability from cvelistv5 – Published: 2021-06-21 17:10 – Updated: 2024-08-03 20:26
VLAI?
Title
malloc, realloc and memalign implementations are vulnerable to integer wrap-arounds
Summary
Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
Severity ?
No CVSS data available.
CWE
- CWE-190 - INTEGER OVERFLOW OR WRAPAROUND CWE-190
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache NuttX |
Affected:
Apache NuttX , < 10.1.0
(custom)
|
Credits
Apache NuttX would like to thank Omri Ben-Bassat of Section 52 at Azure Defender for IoT of Microsoft Corp for bringing this issue to our attention.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r806fccf8b003ae812d807c6c7d97950d44ed29b2713418cbe3f2bddd%40%3Cdev.nuttx.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
" INTEGER OVERFLOW OR WRAPAROUND CWE-190"
],
"product": "Apache NuttX",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "10.1.0",
"status": "affected",
"version": "Apache NuttX",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Apache NuttX would like to thank Omri Ben-Bassat of Section 52 at Azure Defender for IoT of Microsoft Corp for bringing this issue to our attention."
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "INTEGER OVERFLOW OR WRAPAROUND CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-21T17:10:10",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r806fccf8b003ae812d807c6c7d97950d44ed29b2713418cbe3f2bddd%40%3Cdev.nuttx.apache.org%3E"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "malloc, realloc and memalign implementations are vulnerable to integer wrap-arounds",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "BadAlloc",
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-26461",
"STATE": "PUBLIC",
"TITLE": "malloc, realloc and memalign implementations are vulnerable to integer wrap-arounds"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache NuttX",
"version": {
"version_data": [
{
"platform": " INTEGER OVERFLOW OR WRAPAROUND CWE-190",
"version_affected": "\u003c",
"version_name": "Apache NuttX",
"version_value": "10.1.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Apache NuttX would like to thank Omri Ben-Bassat of Section 52 at Azure Defender for IoT of Microsoft Corp for bringing this issue to our attention."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "INTEGER OVERFLOW OR WRAPAROUND CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/r806fccf8b003ae812d807c6c7d97950d44ed29b2713418cbe3f2bddd%40%3Cdev.nuttx.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r806fccf8b003ae812d807c6c7d97950d44ed29b2713418cbe3f2bddd%40%3Cdev.nuttx.apache.org%3E"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-26461",
"datePublished": "2021-06-21T17:10:11",
"dateReserved": "2021-01-30T00:00:00",
"dateUpdated": "2024-08-03T20:26:25.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-17529 (GCVE-0-2020-17529)
Vulnerability from cvelistv5 – Published: 2020-12-09 16:35 – Updated: 2025-02-13 16:27
VLAI?
Title
Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header
Summary
Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying and invalid fragmentation offset value specified in the IP header. This is only impacts builds with both CONFIG_EXPERIMENTAL and CONFIG_NET_TCP_REASSEMBLY build flags enabled.
Severity ?
No CVSS data available.
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache NuttX (incubating) |
Affected:
unspecified , ≤ 9.1.0
(custom)
Affected: 10.0.0 |
Credits
Apache NuttX would like to thank Forescout for reporting the issue
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:00:48.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4d71ae3ab96b589835b94ba7ac4cb88a704e7307bceefeab749366f3%40%3Cdev.nuttx.apache.org%3E"
},
{
"name": "[nuttx-dev] 20201209 CVE-2020-17529: Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4d71ae3ab96b589835b94ba7ac4cb88a704e7307bceefeab749366f3%40%3Cdev.nuttx.apache.org%3E"
},
{
"name": "[oss-security] 20201209 CVE-2020-17529: Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/09/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache NuttX (incubating)",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "9.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "10.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Apache NuttX would like to thank Forescout for reporting the issue"
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying and invalid fragmentation offset value specified in the IP header. This is only impacts builds with both CONFIG_EXPERIMENTAL and CONFIG_NET_TCP_REASSEMBLY build flags enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-04T14:01:40.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r4d71ae3ab96b589835b94ba7ac4cb88a704e7307bceefeab749366f3%40%3Cdev.nuttx.apache.org%3E"
},
{
"name": "[nuttx-dev] 20201209 CVE-2020-17529: Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4d71ae3ab96b589835b94ba7ac4cb88a704e7307bceefeab749366f3%40%3Cdev.nuttx.apache.org%3E"
},
{
"name": "[oss-security] 20201209 CVE-2020-17529: Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/09/5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "AMNESIA:33 CVE-2020-17438",
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-17529",
"STATE": "PUBLIC",
"TITLE": "Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache NuttX (incubating)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "9.1.0"
},
{
"version_affected": "=",
"version_value": "10.0.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Apache NuttX would like to thank Forescout for reporting the issue"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying and invalid fragmentation offset value specified in the IP header. This is only impacts builds with both CONFIG_EXPERIMENTAL and CONFIG_NET_TCP_REASSEMBLY build flags enabled."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/r4d71ae3ab96b589835b94ba7ac4cb88a704e7307bceefeab749366f3%40%3Cdev.nuttx.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r4d71ae3ab96b589835b94ba7ac4cb88a704e7307bceefeab749366f3%40%3Cdev.nuttx.apache.org%3E"
},
{
"name": "[nuttx-dev] 20201209 CVE-2020-17529: Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4d71ae3ab96b589835b94ba7ac4cb88a704e7307bceefeab749366f3@%3Cdev.nuttx.apache.org%3E"
},
{
"name": "[oss-security] 20201209 CVE-2020-17529: Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/12/09/5"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2020-17529",
"datePublished": "2020-12-09T16:35:14.000Z",
"dateReserved": "2020-08-12T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:27:37.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-17528 (GCVE-0-2020-17528)
Vulnerability from cvelistv5 – Published: 2020-12-09 16:35 – Updated: 2025-02-13 16:27
VLAI?
Title
Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length
Summary
Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets including beyond the length of the packet.
Severity ?
No CVSS data available.
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache NuttX (incubating) |
Affected:
unspecified , < 9.1.1
(custom)
Affected: 10.0.0 |
Credits
Apache NuttX would like to thank Forescout for reporting the issue
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:00:48.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7f4215aba288660b41b7e731b6262c8275fa476e91e527a74d2888ea%40%3Cdev.nuttx.apache.org%3E"
},
{
"name": "[nuttx-dev] 20201209 CVE-2020-17528: Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7f4215aba288660b41b7e731b6262c8275fa476e91e527a74d2888ea%40%3Cdev.nuttx.apache.org%3E"
},
{
"name": "[oss-security] 20201209 CVE-2020-17528: Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/09/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache NuttX (incubating)",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "9.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "10.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Apache NuttX would like to thank Forescout for reporting the issue"
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets including beyond the length of the packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-04T14:01:40.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r7f4215aba288660b41b7e731b6262c8275fa476e91e527a74d2888ea%40%3Cdev.nuttx.apache.org%3E"
},
{
"name": "[nuttx-dev] 20201209 CVE-2020-17528: Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7f4215aba288660b41b7e731b6262c8275fa476e91e527a74d2888ea%40%3Cdev.nuttx.apache.org%3E"
},
{
"name": "[oss-security] 20201209 CVE-2020-17528: Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/09/4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "AMNESIA:33 CVE-2020-17437",
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-17528",
"STATE": "PUBLIC",
"TITLE": "Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache NuttX (incubating)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "9.1.1"
},
{
"version_affected": "=",
"version_value": "10.0.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Apache NuttX would like to thank Forescout for reporting the issue"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets including beyond the length of the packet."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/r7f4215aba288660b41b7e731b6262c8275fa476e91e527a74d2888ea%40%3Cdev.nuttx.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r7f4215aba288660b41b7e731b6262c8275fa476e91e527a74d2888ea%40%3Cdev.nuttx.apache.org%3E"
},
{
"name": "[nuttx-dev] 20201209 CVE-2020-17528: Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7f4215aba288660b41b7e731b6262c8275fa476e91e527a74d2888ea@%3Cdev.nuttx.apache.org%3E"
},
{
"name": "[oss-security] 20201209 CVE-2020-17528: Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/12/09/4"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2020-17528",
"datePublished": "2020-12-09T16:35:13.000Z",
"dateReserved": "2020-08-12T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:27:37.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1939 (GCVE-0-2020-1939)
Vulnerability from cvelistv5 – Published: 2020-05-12 14:57 – Updated: 2024-08-04 06:54
VLAI?
Summary
The Apache NuttX (Incubating) project provides an optional separate "apps" repository which contains various optional components and example programs. One of these, ftpd, had a NULL pointer dereference bug. The NuttX RTOS itself is not affected. Users of the optional apps repository are affected only if they have enabled ftpd. Versions 6.15 to 8.2 are affected.
Severity ?
No CVSS data available.
CWE
- NULL Pointer Dereference
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Apache NuttX (incubating) |
Affected:
Apache NuttX (incubating) 6.15 to 8.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:54:00.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re3adc65ff4d8d9c34e5bccba3941a28cbb0a47191c150df2727e101d%40%3Cdev.nuttx.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache NuttX (incubating)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Apache NuttX (incubating) 6.15 to 8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Apache NuttX (Incubating) project provides an optional separate \"apps\" repository which contains various optional components and example programs. One of these, ftpd, had a NULL pointer dereference bug. The NuttX RTOS itself is not affected. Users of the optional apps repository are affected only if they have enabled ftpd. Versions 6.15 to 8.2 are affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-12T14:57:55",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/re3adc65ff4d8d9c34e5bccba3941a28cbb0a47191c150df2727e101d%40%3Cdev.nuttx.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-1939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache NuttX (incubating)",
"version": {
"version_data": [
{
"version_value": "Apache NuttX (incubating) 6.15 to 8.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Apache NuttX (Incubating) project provides an optional separate \"apps\" repository which contains various optional components and example programs. One of these, ftpd, had a NULL pointer dereference bug. The NuttX RTOS itself is not affected. Users of the optional apps repository are affected only if they have enabled ftpd. Versions 6.15 to 8.2 are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/re3adc65ff4d8d9c34e5bccba3941a28cbb0a47191c150df2727e101d%40%3Cdev.nuttx.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/re3adc65ff4d8d9c34e5bccba3941a28cbb0a47191c150df2727e101d%40%3Cdev.nuttx.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2020-1939",
"datePublished": "2020-05-12T14:57:55",
"dateReserved": "2019-12-02T00:00:00",
"dateUpdated": "2024-08-04T06:54:00.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}