CVE-2023-48693

Source
https://cve.org/CVERecord?id=CVE-2023-48693
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-48693.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-48693
Aliases
  • GHSA-p7w6-62rq-vrf9
Published
2023-12-05T00:24:47.969Z
Modified
2026-07-15T02:09:49.508816139Z
Severity
  • 8.7 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L CVSS Calculator
Summary
Azure RTOS ThreadX Remote Code Execution Vulnerability
Details

Azure RTOS ThreadX is an advanced real-time operating system (RTOS) designed specifically for deeply embedded applications. An attacker can cause arbitrary read and write due to vulnerability in parameter checking mechanism in Azure RTOS ThreadX, which may lead to privilege escalation. The affected components include RTOS ThreadX v6.2.1 and below. The fixes have been included in ThreadX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-20"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/48xxx/CVE-2023-48693.json"
}
References

Affected packages

Git / github.com/eclipse-threadx/threadx

Affected ranges

Type
GIT
Repo
https://github.com/eclipse-threadx/threadx
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.3.0"
        }
    ]
}

Affected versions

v6.*
v6.0.1_rel
v6.0.2_rel
v6.0_rel
v6.1.10_rel
v6.1.11_rel
v6.1.12_rel
v6.1.1_rel
v6.1.2_rel
v6.1.3_rel
v6.1.5_rel
v6.1.6_rel
v6.1.7_rel
v6.1.8_rel
v6.1.9_rel
v6.1_rel
v6.2.0_rel
v6.2.1_rel

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-48693.json"