ApacheNuttx

9 matches found

added 2025/06/16 11:0 a.m., 60 views

CVE-2025-47869

CVE-2025-47869 affects Apache NuttX RTOS, specifically the apps/examples/xmlrpc component. A device stats structure that stored remotely provided parameters in hardcoded-size buffers can lead to a buffer overflow. The buffers were corrected to CONFIG_XMLRPC_STRINGSIZE+1 in the release 12.9.0 example, af...

CVSS 9.8, AI score 6.7, EPSS 0.00475
added 2021/06/21 5:10 p.m., 54 views

CVE-2021-26461

Apache NuttX (OS) versions prior to 10.1.0 are affected by CVE-2021-26461 due to integer wrap-around in memory management calls (malloc, realloc, memalign). This can lead to arbitrary memory allocation and outcomes such as a crash or remote code execution. Remediation is to update to 10.1.0 or la...

CVSS 9.8, AI score 9.7, EPSS 0.02052
added 2025/05/26 10:3 a.m., 54 views

CVE-2025-35003

CVE-2025-35003 covers a buffer overflow in Apache NuttX’s Bluetooth Stack (HCI and UART components). The issue arises from improper restriction in memory buffers, potentially enabling system crash, denial of service, or arbitrary code execution after receiving crafted packets. Affected software: ...

CVSS 9.8, AI score 8.1, EPSS 0.00529
added 2020/05/12 2:57 p.m., 48 views

CVE-2020-1939

The CVE-2020-1939 issue affects the optional ftpd component within the Apache NuttX Apps repository, not the NuttX RTOS core. A NULL pointer dereference in ftpd is the named problem. Impact is limited to users who have enabled ftpd in versions 6.15 through 8.2. The NuttX RTOS itself is not affect...

CVSS 9.8, AI score 9.4, EPSS 0.00872
added 2020/12/09 4:35 p.m., 47 views

CVE-2020-17529

CVE-2020-17529 affects Apache NuttX (incubating) TCP Stack up to 9.1.0 and 10.0.0, when built with CONFIG_EXPERIMENTAL and CONFIG_NET_TCP_REASSEMBLY. It describes an out-of-bounds write triggered by an invalid fragmentation offset in the IP header, leading to memory corruption. CVSS metrics repor...

CVSS 9.8, AI score 9.4, EPSS 0.0143
added 2025/06/16 11:0 a.m., 42 views

CVE-2025-47868

The CVE concerns Apache NuttX’s optional tools/bdf-converter in the repository, which suffers an out-of-bounds write that can cause a heap-based buffer overflow. Affected versions are 6.9 through 12.9.0; the issue arises when the tool is exposed to externally provided data. The advisory recommend...

CVSS 9.8, AI score 6.5, EPSS 0.00475
added 2020/12/09 4:35 p.m., 39 views

CVE-2020-17528

The CVE-2020-17528 entry affects Apache NuttX (incubating) and its TCP stack, with vulnerable versions up to 9.1.0 and 10.0.0. The issue is an out-of-bounds write caused by supplying arbitrary urgent data pointer offsets within TCP packets, including beyond packet length, leading to memory corrup...

CVSS 9.1, AI score 9.2, EPSS 0.0174
added 2026/01/01 4:14 p.m., 22 views

CVE-2025-48769

CVE-2025-48769 affects Apache NuttX RTOS. The flaw is a Use-After-Free in the fs/vfs/fs_rename code caused by a recursive implementation reusing a single buffer across two pointers, enabling arbitrary user-provided buffer reallocations and writes to a freed heap chunk. In affected scenarios, this...

CVSS 8.1, AI score 7.2, EPSS 0.00015
added 2026/01/01 4:14 p.m., 9 views

CVE-2025-48768

Vulnerability: Apache NuttX RTOS contains an issue in fs/inode/fs_inoderemove that can enable root inode removal, triggering a debug assert, NULL pointer dereference (architecture-dependent), or denial of service. Affected versions: 10.0.0 through 12.9.9; impact arises for filesystem-based servic...

CVSS 6.5, AI score 6.6, EPSS 0.0002