CVE-2024-2212: Integer wraparounds, under-allocations, and heap buffer overflows in Eclipse ThreadX xQueueCreate() and xQueueCreateSet()
First published: Tue Mar 26 2024(Updated: )
In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter checks. This could lead to integer wraparound, under-allocations and heap buffer overflows.
Credit: emo@eclipse.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eclipse ThreadX | <6.4.0 | |
| Eclipse ThreadX | <6.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-2212?
CVE-2024-2212 is considered to have a high severity due to its potential for integer wraparound and subsequent heap buffer overflows.
How do I fix CVE-2024-2212?
To fix CVE-2024-2212, upgrade Eclipse ThreadX to version 6.4.0 or later where the parameter checks in xQueueCreate() and xQueueCreateSet() have been implemented.
What software is affected by CVE-2024-2212?
CVE-2024-2212 affects Eclipse ThreadX versions prior to 6.4.0.
What are the risks associated with CVE-2024-2212?
The risks associated with CVE-2024-2212 include potential memory corruption and application crashes due to heap buffer issues.
When was CVE-2024-2212 disclosed?
CVE-2024-2212 was disclosed in May 2024.
- agent/title
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/remedy
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/tags
- agent/softwarecombine
- agent/event
- vendor/eclipse
- canonical/eclipse threadx