CVE-2023-48691

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-48691
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-48691.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-48691
Aliases
  • GHSA-fwmg-rj6g-w99p
Published
2023-12-05T00:24:41.913Z
Modified
2026-03-14T12:12:46.903691Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Azure RTOS NetX Duo Remote Code Execution Vulnerability
Details

Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause an out-of-bounds write in Azure RTOS NETX Duo, that could lead to remote code execution. The affected components include process related to IGMP protocol in RTOS v6.2.1 and below. The fix has been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/48xxx/CVE-2023-48691.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-787"
    ]
}
References

Affected packages

Git / github.com/azure-rtos/netxduo

Affected ranges

Type
GIT
Repo
https://github.com/azure-rtos/netxduo
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
837b032b9c773ea32f78dfa6339a76f2df3568fb
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.3.0"
        }
    ]
}

Affected versions

v6.*
v6.0.1_rel
v6.0.2_rel
v6.0_rel
v6.1.10_rel
v6.1.11_rel
v6.1.12_rel
v6.1.2_rel
v6.1.3_rel
v6.1.4_rel
v6.1.5_rel
v6.1.6_rel
v6.1.7_rel
v6.1.8_rel
v6.1.9_rel
v6.1_rel
v6.2.0_rel
v6.2.1_rel

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-48691.json"