CVE-2026-14607

Source
https://cve.org/CVERecord?id=CVE-2026-14607
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-14607.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-14607
Published
2026-07-03T19:45:17.840Z
Modified
2026-07-15T01:48:54.066686548Z
Severity
  • 5.4 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
RT-Thread lwp_syscall.c sys_getaddrinfo memory corruption
Details

A weakness has been identified in RT-Thread up to 5.0.2. This affects the function sysgetaddrinfo of the file components/lwp/lwpsyscall.c. Executing a manipulation of the argument ai_addr can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. The pull request to fix this issue awaits acceptance.

Database specific
{
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-119"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/14xxx/CVE-2026-14607.json"
}
References

Affected packages

Git / github.com/rt-thread/rt-thread

Affected ranges

Type
GIT
Repo
https://github.com/rt-thread/rt-thread
Events
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "5.0.0"
        },
        {
            "last_affected": "5.0.0"
        },
        {
            "introduced": "5.0.1"
        },
        {
            "last_affected": "5.0.1"
        },
        {
            "introduced": "5.0.2"
        },
        {
            "last_affected": "5.0.2"
        }
    ]
}

Affected versions

5.*
5.0.0
5.0.1
5.0.2
v5.*
v5.0.0
v5.0.1
v5.0.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-14607.json"