Code Injection Vulnerabilities in Arduino ESP32 by Espressif
CVE-2024-45798
Currently unrated
What is CVE-2024-45798?
The Arduino ESP32 core, used across various ESP32 microcontrollers, has been found to have multiple vulnerabilities related to code injection and environment variable exploitation. Specifically, flaws within the tests_results.yml workflow enable unauthorized code injection through the GHSL-2024-169 issue, alongside potential untrusted variable injection as outlined in GHSL-2024-170. Although these vulnerabilities have been addressed in recent updates, users are strongly encouraged to verify the integrity of any downloaded artifacts to mitigate the risks associated with these exposures.