Question regarding vulnerability CVE-2023-48693

Open bastreynard opened this issue 1 year ago • 1 comments

Hello, we are running ThreadX version 6.2.1 on products where a version bump is not possible (will bump for future products).

Would it be possible to know which commit/PR is responsible for fixing the remote code execution vulnerability, in order to be able to assess if we can patch it on earlier products on our end?

Thank you for your support and have a great day, Bastien

bastreynard, Sep 03 '24 09:09

I guess it is about #307 (which BTW affects just threadx modules; in non-module use there is no privilege mechanism anyway)

amgross, Sep 03 '24 10:09

Closing this due to inactivity.

fdesbiens, Feb 27 '25 14:02