CVE-2025-47869Improper Restriction of Operations within the Bounds of a Memory Buffer in Software Foundation Apache Nuttx Rtos

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.5%
top 35.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache Nuttx RtosApache Nuttx
Timeline
PublishedJun 16

Description

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability was discovered in Apache NuttX RTOS apps/exapmles/xmlrpc application. In this example application device stats structure that stored remotely provided parameters had hardcoded buffer size which could lead to buffer overflow. Structure members buffers were updated to valid size of CONFIG_XMLRPC_STRINGSIZE+1. This issue affects Apache NuttX RTOS users that may have used or base their code on example application

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDapache/nuttx6.2212.9.0

🔴Vulnerability Details

2
GHSA
GHSA-pqw8-wfp5-mgqq: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability was discovered in Apache NuttX RTOS apps/exapmles/xmlrpc applica2025-06-16
CVEList
Apache NuttX RTOS: examples/xmlrpc: Fix calls buffers size.2025-06-16
CVE-2025-47869 — CRITICAL severity | cvebase