An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The bootrom function responsible for validating the Flash Product Header directly uses a user-controllable size value (Length of Flash Config Section) to control a read from the QSPI device into a fixed sized buffer, resulting in a buffer overflow and execution of arbitrary code.
References
Configurations
No configuration.
History
11 Jul 2024, 15:05
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.8 |
CWE | CWE-120 |
11 Jul 2024, 13:05
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
10 Jul 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-10 20:15
Updated : 2024-07-11 15:05
NVD link : CVE-2024-25076
Mitre link : CVE-2024-25076
CVE.ORG link : CVE-2024-25076
JSON object : View
Products Affected
No product.
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')