How severe is CVE-2024-31225?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.3 out of 10.

What type of vulnerability is CVE-2024-31225?

This is classified as CWE-120, which is a common weakness in software security.

CVE-2024-31225 - HIGH Severity | CVSS 8.3

Vulnerability Description

RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The `_on_rd_init()` function does not implement a size check before copying data to the `_result_buf` static buffer. If an attacker can craft a long enough payload, they could cause a buffer overflow. If the unchecked input above is attacker-controlled and crosses a security boundary, the impact of the buffer overflow vulnerability could range from denial of service to arbitrary code execution. This issue has yet to be patched. Users are advised to add manual bounds checking.

Related Vulnerabilities

CVE-2018-3898

HIGH

CVSS:8.3(High)

An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code exe...

CWE-1202018

CVE-2018-3899

HIGH

CVSS:8.3(High)

CWE-1202018

CVE-1999-0038

HIGH

CVSS:8.4(High)

Buffer overflow in xlock program allows local users to execute commands as root.

CWE-1201999

CVE-2017-18779

HIGH

CVSS:8.4(High)

Certain NETGEAR devices are affected by a buffer overflow. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR...

CWE-1202017

CVE-2019-4014

HIGH

CVSS:8.4(High)

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary c...

CWE-1202019

CVE-2019-4015

HIGH

CVSS:8.4(High)

CWE-1202019