Buffer Overflow Vulnerability in FatFs by Elm-Chan
CVE-2026-6688
7.6 HIGH
What is CVE-2026-6688?
FatFs versions R0.16 and earlier contain a critical vulnerability in the handling of long filenames: the fno.fname field returned by the library can hold up to 255 characters, and callers that copy it into a fixed-size buffer without checking its length can overflow that buffer. The vulnerability is categorized under CWE-120 (classic buffer overflow: buffer copy without checking the size of input).
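The defect described above is in the calling pattern, not in the filename itself: a 255-character fno.fname copied with strcpy into a 32-byte local overruns the stack. The following added example (not code from FatFs or from the advisory) contrasts that pattern with a bounded copy that refuses any name that does not fit, terminator included. The filinfo_t struct, the LFN_BUF constant (FatFs' default long-filename buffer is 255 characters, but the value is treated here as an assumption) and the helper names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Assumed, constructed stand-in for the FatFs FILINFO structure: fname holds
 * up to LFN_BUF characters plus the terminating NUL. The real struct carries
 * more members; only the name matters for this check. */
#define LFN_BUF 255
typedef struct {
    char fname[LFN_BUF + 1];
} filinfo_t;

/* The pattern the advisory warns about, shown for contrast and never called:
 *
 *     char name[32];
 *     strcpy(name, fno.fname);   // a 255-char name overruns a 32-byte buffer
 */

/* Length of src, scanning at most `limit` bytes, so a source that lacks a
 * terminator cannot make the check itself read out of bounds. */
static size_t bounded_len(const char *src, size_t limit)
{
    size_t n = 0;
    while (n < limit && src[n] != '\0')
        n++;
    return n;
}

/* Bounded copy: copies src into dst only if it fits with its NUL terminator.
 * Returns 0 on success and -1 on failure; dst is always NUL-terminated when
 * dst_len is non-zero, so a rejected name never leaves garbage behind. */
int copy_fname_checked(const char *src, char *dst, size_t dst_len)
{
    if (dst == NULL || dst_len == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    size_t n = bounded_len(src, dst_len);
    if (n >= dst_len)          /* name too long, or no room for the NUL */
        return -1;
    memcpy(dst, src, n + 1);   /* n + 1 includes the terminator */
    return 0;
}

/* Builds a constructed directory entry whose name is `len` 'A' characters. */
filinfo_t make_entry(size_t len)
{
    filinfo_t fi;
    if (len > LFN_BUF)
        len = LFN_BUF;
    memset(fi.fname, 'A', len);
    fi.fname[len] = '\0';
    return fi;
}

int main(void)
{
    char name[32];
    filinfo_t short_entry = make_entry(12);
    filinfo_t long_entry = make_entry(LFN_BUF);

    printf("12-char name  -> %s\n",
           copy_fname_checked(short_entry.fname, name, sizeof name) == 0 ? "copied" : "rejected");
    printf("255-char name -> %s\n",
           copy_fname_checked(long_entry.fname, name, sizeof name) == 0 ? "copied" : "rejected");
    return 0;
}
```

The check is done against sizeof the destination, so it stays correct if the local buffer is later resized; code that must accept long names should instead size its buffer to LFN_BUF + 1 (or use fno.fname in place) rather than truncate.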
Affected Version(s)
FatFs 0
References
CVSS V3.1
Score: 7.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
HD Moore of runZero, Inc.
Tod Beardsley of runZero, Inc.
