PT-2024-20432 · Eclipse · Eclipse ThreadX NetX Duo

0xdea +1

Published 2024-03-26 · Updated 2025-02-06 · CVE-2024-2452

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Eclipse ThreadX NetX Duo versions prior to 6.4.0

Description: The issue arises when an attacker can control the parameters of the portable_aligned_alloc() function, potentially causing an integer wrap-around and an allocation smaller than expected. This could lead to subsequent heap buffer overflows.

Recommendations: For versions prior to 6.4.0, update to version 6.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the portable_aligned_alloc() function to minimize the risk of exploitation.
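Added illustration, not NetX Duo's own code: a hypothetical aligned-allocation wrapper in C whose size arithmetic wraps when size and alignment are caller-controlled, beside a version that rejects the overflow before calling malloc(). The names unchecked_request, checked_request, safe_aligned_alloc and safe_aligned_free are assumed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Bytes a header-carrying aligned allocator must request: the caller's size,
 * up to (alignment - 1) bytes of padding, and a slot for the base pointer kept
 * just before the returned block. Unchecked, the sum wraps silently and the
 * caller later writes `size` bytes into a far smaller heap chunk. */
size_t unchecked_request(size_t size, size_t alignment) {
    return size + alignment + sizeof(void *);
}

/* Same arithmetic, but invalid alignments and any sum that does not fit in
 * size_t are rejected instead of wrapping. */
bool checked_request(size_t size, size_t alignment, size_t *total) {
    if (alignment == 0 || (alignment & (alignment - 1)) != 0)
        return false;                          /* must be a power of two */
    if (size > SIZE_MAX - alignment)
        return false;                          /* size + alignment wraps */
    if (size + alignment > SIZE_MAX - sizeof(void *))
        return false;                          /* adding the header wraps */
    *total = size + alignment + sizeof(void *);
    return true;
}

/* Aligned allocation over malloc(); the base pointer is stored immediately
 * before the aligned block so safe_aligned_free() can release it. */
void *safe_aligned_alloc(size_t size, size_t alignment) {
    size_t total;
    if (!checked_request(size, alignment, &total))
        return NULL;
    unsigned char *base = malloc(total);
    if (base == NULL)
        return NULL;
    uintptr_t raw = (uintptr_t)base + sizeof(void *);
    uintptr_t aligned = (raw + alignment - 1) & ~((uintptr_t)alignment - 1);
    memcpy((void *)(aligned - sizeof(void *)), &base, sizeof base);
    return (void *)aligned;
}

void safe_aligned_free(void *p) {
    void *base;
    if (p == NULL) return;
    memcpy(&base, (unsigned char *)p - sizeof(void *), sizeof base);
    free(base);
}
```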

Fix

Integer Overflow

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2024-2452
GHSA-H963-7VHW-8RPX

Affected Products

Eclipse ThreadX NetX Duo