Buffer Overflow Vulnerability in RT-Thread Embedded Operating System
CVE-2024-25394
4.3MEDIUM
What is CVE-2024-25394?
A buffer overflow vulnerability has been identified in the RT-Thread RTOS, specifically within the utilities/ymodem/ry_sy.c file, affecting versions up to 5.0.2. This issue stems from an improper use of the sprintf function and the absence of a terminating null character ('\0'). An attacker could exploit this vulnerability to potentially execute arbitrary code or cause denial of service conditions. It is crucial for users of RT-Thread to update to the latest version and apply necessary security patches to mitigate risks associated with this vulnerability.
