CVE-2022-39343
- Source
- https://cve.org/CVERecord?id=CVE-2022-39343
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-39343.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-39343
- Aliases
-
- GHSA-8jqf-wjhq-4w9f
- Published
- 2022-11-08T00:00:00Z
- Modified
- 2026-04-12T01:28:02.270648Z
- Severity
-
- 5.6 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- Azure RTOS FileX vulnerable to Buffer Offerflow
- Details
-
Azure RTOS FileX is a FAT-compatible file system that’s fully integrated with Azure RTOS ThreadX. In versions before 6.2.0, the Fault Tolerant feature of Azure RTOS FileX includes integer under and overflows which may be exploited to achieve buffer overflow and modify memory contents. When a valid log file with correct ID and checksum is detected by the
_fx_fault_tolerant_enablefunction an attempt to recover the previous failed write operation is taken by call of_fx_fault_tolerant_apply_logs. This function iterates through the log entries and performs required recovery operations. When properly crafted a log including entries of typeFX_FAULT_TOLERANT_DIR_LOG_TYPEmay be utilized to introduce unexpected behavior. This issue has been patched in version 6.2.0. A workaround to fix line 218 in fxfaulttolerantapplylogs.c is documented in the GHSA. - Database specific
{ "cwe_ids": [ "CWE-120" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/39xxx/CVE-2022-39343.json", "cna_assigner": "GitHub_M" }- References
-
- https://github.com/azure-rtos/filex/blob/master/common/src/fx_fault_tolerant_apply_logs.c#L218
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/39xxx/CVE-2022-39343.json
- https://github.com/azure-rtos/filex/security/advisories/GHSA-8jqf-wjhq-4w9f
- https://nvd.nist.gov/vuln/detail/CVE-2022-39343
Affected packages
Git / github.com/azure-rtos/filex
Affected versions
r6.*
r6.1.8_rel
v6.*
v6.0.1_rel
v6.0_rel
v6.1.10_rel
v6.1.11_rel
v6.1.12_rel
v6.1.2_rel
v6.1.3_rel
v6.1.5_rel
v6.1.6_rel
v6.1.7_rel
v6.1_rel
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-39343.json"
vanir_signatures_modified
"2026-04-12T01:28:02Z"
vanir_signatures
[
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 2833.0,
"function_hash": "71481729813592598114919597199169458269"
},
"source": "https://github.com/azure-rtos/filex/commit/ef128829b4d9c142dbdf0e48e9ac67889da0ea9c",
"id": "CVE-2022-39343-005b8cd9",
"signature_type": "Function",
"target": {
"function": "_fx_fault_tolerant_cleanup_FAT_chain",
"file": "common/src/fx_fault_tolerant_cleanup_FAT_chain.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"65241720697930226269468681913103583472",
"80921983722349863410942781891916441009",
"291206474639971796351891434876688066655",
"161039004775417762457799108608254794378",
"251994901015578953193557576347699276011",
"145149154637618591833099886370030141683",
"295370043889283988658499404527183177329"
]
},
"source": "https://github.com/azure-rtos/filex/commit/ef128829b4d9c142dbdf0e48e9ac67889da0ea9c",
"id": "CVE-2022-39343-0abea23c",
"signature_type": "Line",
"target": {
"file": "common/src/fx_partition_offset_calculate.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"258069155482498707029352352665581550435",
"108274575274021522221195656249753252793",
"124292861769071536015743048677031915952",
"235051014167875167832860597212571767089"
]
},
"source": "https://github.com/azure-rtos/filex/commit/ef128829b4d9c142dbdf0e48e9ac67889da0ea9c",
"id": "CVE-2022-39343-212de549",
"signature_type": "Line",
"target": {
"file": "ports/linux/gnu/inc/fx_port.h"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"266082254850066319599802724549527785589",
"289680716979072499573239421865293327267",
"280704513613968322163299171032282909998",
"150176488144535472629085075889761544678",
"210903219169345250585859200127683093412",
"171158025057470254297225223793680517690",
"168162267643186252053703085284192112404",
"224654334372669908512354491120853995475",
"333814042358026465962697850527502351482",
"328578774781257306391662101022421809051",
"104704972042752050252180068477350662882"
]
},
"source": "https://github.com/azure-rtos/filex/commit/ef128829b4d9c142dbdf0e48e9ac67889da0ea9c",
"id": "CVE-2022-39343-319533d2",
"signature_type": "Line",
"target": {
"file": "common/src/fx_utility_logical_sector_read.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 19569.0,
"function_hash": "286352542862030488155612397523392205879"
},
"source": "https://github.com/azure-rtos/filex/commit/ef128829b4d9c142dbdf0e48e9ac67889da0ea9c",
"id": "CVE-2022-39343-49988b8c",
"signature_type": "Function",
"target": {
"function": "_fx_media_open",
"file": "common/src/fx_media_open.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 3740.0,
"function_hash": "126870104809708223092663071786333785540"
},
"source": "https://github.com/azure-rtos/filex/commit/ef128829b4d9c142dbdf0e48e9ac67889da0ea9c",
"id": "CVE-2022-39343-63beab87",
"signature_type": "Function",
"target": {
"function": "_fx_fault_tolerant_apply_logs",
"file": "common/src/fx_fault_tolerant_apply_logs.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"85841521789035747175223637507090406174",
"28290049972947148608847187652796099078",
"266090514393729544144908005450377100668",
"160527224236026528273661280489667646056"
]
},
"source": "https://github.com/azure-rtos/filex/commit/ef128829b4d9c142dbdf0e48e9ac67889da0ea9c",
"id": "CVE-2022-39343-6d973a6f",
"signature_type": "Line",
"target": {
"file": "ports/generic/inc/fx_port.h"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"274733081248010547932921133435009421296",
"306911122112070920244037092964095778557",
"20245424029670426419962997318721023427",
"77671916831675302994063952351101874434",
"205558177936976145535918819851004372361",
"29094629977050019847156062855822095205",
"105358097753193015094982871066925515766"
]
},
"source": "https://github.com/azure-rtos/filex/commit/ef128829b4d9c142dbdf0e48e9ac67889da0ea9c",
"id": "CVE-2022-39343-787b65d9",
"signature_type": "Line",
"target": {
"file": "common/src/fx_fault_tolerant_apply_logs.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 5507.0,
"function_hash": "71767983288199654586839315645110560755"
},
"source": "https://github.com/azure-rtos/filex/commit/ef128829b4d9c142dbdf0e48e9ac67889da0ea9c",
"id": "CVE-2022-39343-8f5295fb",
"signature_type": "Function",
"target": {
"function": "_fx_fault_tolerant_enable",
"file": "common/src/fx_fault_tolerant_enable.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 8497.0,
"function_hash": "21892847390746241560858396884406111653"
},
"source": "https://github.com/azure-rtos/filex/commit/ef128829b4d9c142dbdf0e48e9ac67889da0ea9c",
"id": "CVE-2022-39343-a4cefe6d",
"signature_type": "Function",
"target": {
"function": "_fx_utility_logical_sector_read",
"file": "common/src/fx_utility_logical_sector_read.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 5286.0,
"function_hash": "110605364531903747146678427685970613333"
},
"source": "https://github.com/azure-rtos/filex/commit/ef128829b4d9c142dbdf0e48e9ac67889da0ea9c",
"id": "CVE-2022-39343-af9154a8",
"signature_type": "Function",
"target": {
"function": "_fx_utility_FAT_entry_read",
"file": "common/src/fx_utility_FAT_entry_read.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"197665653581711819412642909141285269782",
"122790464090719906075418592173484444184",
"56332967440298553607984169515226900850",
"179161814522815960525327508324153965678"
]
},
"source": "https://github.com/azure-rtos/filex/commit/ef128829b4d9c142dbdf0e48e9ac67889da0ea9c",
"id": "CVE-2022-39343-cba75079",
"signature_type": "Line",
"target": {
"file": "ports/win32/vs_2019/inc/fx_port.h"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"129569300430791298181205563048325561462",
"196059845994958670721835868587544315595",
"268411110274237958272996826582839978929",
"325988095896963634835766934786998694567",
"119636201531819313293668514181772147264",
"217713344490509157809616076072140242968",
"109915266872951377163733244170815434925",
"177425607946612072502536653151129080543"
]
},
"source": "https://github.com/azure-rtos/filex/commit/ef128829b4d9c142dbdf0e48e9ac67889da0ea9c",
"id": "CVE-2022-39343-d2773f8a",
"signature_type": "Line",
"target": {
"file": "common/src/fx_utility_FAT_entry_read.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"132227962160023417086962385225070325000",
"60456040930004072442497114950015955143",
"6359120502481172838205642462763131457",
"6155589986050407398283655387644079848",
"52618826579203069753197656811211679563",
"312377050974108669083963276517820231979",
"173853657654565123830760446437845074701",
"22618879530015293113240860752579506610",
"90226766931992874481519605897715340806",
"185083780435885276790815675316202049892",
"295916408330904378603581532682913768660",
"203328474374889218238158658331124101143",
"166704166767603489345028733102858827450"
]
},
"source": "https://github.com/azure-rtos/filex/commit/ef128829b4d9c142dbdf0e48e9ac67889da0ea9c",
"id": "CVE-2022-39343-f220ada8",
"signature_type": "Line",
"target": {
"file": "common/src/fx_fault_tolerant_cleanup_FAT_chain.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"112053036183588478001444466644186585692",
"230231267904052691848515220417517563145",
"260522495413887221251993931574509650821",
"79683114630461773589785191881932328529",
"72244806446670127558705467330005728909",
"112347704593112155621647702074788165365",
"149003806220855531393823078477454668150",
"208728623556385004089915681003666471395",
"129593778681426340835183961577992302832",
"6064397684324996639262937373573928302",
"65639192027603470000009854619537453286",
"172289467895251859851739024375756484933",
"261078052488805653050395887150024951841",
"266449786475211572621583016798809663065",
"275563605738885572858716962848048210082",
"134015269546651800147071003777187732052"
]
},
"source": "https://github.com/azure-rtos/filex/commit/ef128829b4d9c142dbdf0e48e9ac67889da0ea9c",
"id": "CVE-2022-39343-fb79c806",
"signature_type": "Line",
"target": {
"file": "common/src/fx_media_open.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"181223157699215428328082082536837693956",
"322146426209474509971383667900980478485",
"221370966855766008290545784322632268620",
"115330239516374048002963429312999015882",
"156900181384125889182344797696506381992",
"109121972667235578476975808786524436400",
"272041011544879029706192991088149006716",
"232100000628404821736829713090363817646",
"28015521008540180194506267631594970908",
"76812920744964099154738806453456891918",
"209580974530088009622299872470589516857",
"213355430641752303053440507740431380156",
"151571189378027292532606928103386804426",
"260399537770335970392598853836775393812"
]
},
"source": "https://github.com/azure-rtos/filex/commit/ef128829b4d9c142dbdf0e48e9ac67889da0ea9c",
"id": "CVE-2022-39343-febd3739",
"signature_type": "Line",
"target": {
"file": "common/src/fx_fault_tolerant_enable.c"
}
}
]