Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-14607

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-03 Jul, 2026 | 19:45
Updated At-03 Jul, 2026 | 19:45
Rejected At-
Credits

RT-Thread lwp_syscall.c sys_getaddrinfo memory corruption

A weakness has been identified in RT-Thread up to 5.0.2. This affects the function sys_getaddrinfo of the file components/lwp/lwp_syscall.c. Executing a manipulation of the argument ai_addr can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. The pull request to fix this issue awaits acceptance.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:03 Jul, 2026 | 19:45
Updated At:03 Jul, 2026 | 19:45
Rejected At:
â–¼CVE Numbering Authority (CNA)
RT-Thread lwp_syscall.c sys_getaddrinfo memory corruption

A weakness has been identified in RT-Thread up to 5.0.2. This affects the function sys_getaddrinfo of the file components/lwp/lwp_syscall.c. Executing a manipulation of the argument ai_addr can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. The pull request to fix this issue awaits acceptance.

Affected Products
Vendor
n/a
Product
RT-Thread
CPEs
  • cpe:2.3:a:rt-thread:rt-thread:*:*:*:*:*:*:*:*
Versions
Affected
  • 5.0.0
  • 5.0.1
  • 5.0.2
Problem Types
TypeCWE IDDescription
CWECWE-119Memory Corruption
Type: CWE
CWE ID: CWE-119
Description: Memory Corruption
Metrics
VersionBase scoreBase severityVector
4.06.8MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:X/RC:R
3.05.5MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:X/RC:R
2.04.6N/A
AV:L/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:ND/RC:UR
Version: 4.0
Base score: 6.8
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:X/RC:R
Version: 3.0
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:X/RC:R
Version: 2.0
Base score: 4.6
Base severity: N/A
Vector:
AV:L/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:ND/RC:UR
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

reporter
Zephyr Saxon (VulDB User)
coordinator
VulDB CNA Team
Timeline
EventDate
Advisory disclosed2026-07-03 00:00:00
VulDB entry created2026-07-03 02:00:00
VulDB entry last update2026-07-03 15:56:49
Event: Advisory disclosed
Date: 2026-07-03 00:00:00
Event: VulDB entry created
Date: 2026-07-03 02:00:00
Event: VulDB entry last update
Date: 2026-07-03 15:56:49
Replaced By

Rejected Reason

References
HyperlinkResource
https://vuldb.com/vuln/376115
vdb-entry
technical-description
https://vuldb.com/vuln/376115/cti
signature
permissions-required
https://vuldb.com/cve/CVE-2026-14607
third-party-advisory
https://vuldb.com/submit/844622
third-party-advisory
https://github.com/RT-Thread/rt-thread/issues/11428
exploit
issue-tracking
https://github.com/RT-Thread/rt-thread/pull/11454
issue-tracking
patch
https://github.com/RT-Thread/rt-thread/
product
Hyperlink: https://vuldb.com/vuln/376115
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/vuln/376115/cti
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/cve/CVE-2026-14607
Resource:
third-party-advisory
Hyperlink: https://vuldb.com/submit/844622
Resource:
third-party-advisory
Hyperlink: https://github.com/RT-Thread/rt-thread/issues/11428
Resource:
exploit
issue-tracking
Hyperlink: https://github.com/RT-Thread/rt-thread/pull/11454
Resource:
issue-tracking
patch
Hyperlink: https://github.com/RT-Thread/rt-thread/
Resource:
product
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:03 Jul, 2026 | 20:16
Updated At:03 Jul, 2026 | 20:16

A weakness has been identified in RT-Thread up to 5.0.2. This affects the function sys_getaddrinfo of the file components/lwp/lwp_syscall.c. Executing a manipulation of the argument ai_addr can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. The pull request to fix this issue awaits acceptance.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.05.4MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Secondary2.04.6MEDIUM
AV:L/AC:L/Au:S/C:N/I:N/A:C
Type: Secondary
Version: 4.0
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:S/C:N/I:N/A:C
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-119Primarycna@vuldb.com
CWE ID: CWE-119
Type: Primary
Source: cna@vuldb.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/RT-Thread/rt-thread/cna@vuldb.com
N/A
https://github.com/RT-Thread/rt-thread/issues/11428cna@vuldb.com
N/A
https://github.com/RT-Thread/rt-thread/pull/11454cna@vuldb.com
N/A
https://vuldb.com/cve/CVE-2026-14607cna@vuldb.com
N/A
https://vuldb.com/submit/844622cna@vuldb.com
N/A
https://vuldb.com/vuln/376115cna@vuldb.com
N/A
https://vuldb.com/vuln/376115/cticna@vuldb.com
N/A
Hyperlink: https://github.com/RT-Thread/rt-thread/
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://github.com/RT-Thread/rt-thread/issues/11428
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://github.com/RT-Thread/rt-thread/pull/11454
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/cve/CVE-2026-14607
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/submit/844622
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/vuln/376115
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/vuln/376115/cti
Source: cna@vuldb.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

108Records found

CVE-2020-36855
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.22% / 12.73%
||
7 Day CHG~0.00%
Published-21 Oct, 2025 | 15:02
Updated-31 Oct, 2025 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DCMTK dcmqrscp parseQuota stack-based overflow

A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Upgrading to version 3.6.6 is sufficient to fix this issue. The identifier of the patch is 0fef9f02e. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-offisn/a
Product-dcmtkDCMTK
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2020-3343
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.32% / 23.85%
||
7 Day CHG~0.00%
Published-22 May, 2020 | 05:15
Updated-15 Nov, 2024 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco AMP for Endpoints Linux Connector and AMP for Endpoints Mac Connector Software Memory Buffer Vulnerability

A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted packet to an affected device. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash and restart.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-advanced_malware_protection_for_endpointsCisco AMP for Endpoints
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-3344
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.32% / 23.85%
||
7 Day CHG~0.00%
Published-22 May, 2020 | 05:15
Updated-15 Nov, 2024 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco AMP for Endpoints Linux Connector and AMP for Endpoints Mac Connector Software Memory Buffer Vulnerability

A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted packet to an affected device. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash and restart.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-advanced_malware_protection_for_endpointsCisco AMP for Endpoints
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-14392
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.58% / 43.25%
||
7 Day CHG~0.00%
Published-16 Sep, 2020 | 13:00
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.

Action-Not Available
Vendor-perln/aCanonical Ltd.openSUSEFedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdatabase_interfacedebian_linuxfedoraleapperl-dbi
CWE ID-CWE-822
Untrusted Pointer Dereference
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-12370
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.24% / 14.32%
||
7 Day CHG~0.00%
Published-17 Feb, 2021 | 13:53
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted pointer dereference in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-graphics_driversIntel(R) Graphics Drivers
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-12365
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.22% / 12.62%
||
7 Day CHG~0.00%
Published-17 Feb, 2021 | 14:03
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted pointer dereference in some Intel(R) Graphics Drivers before versions 15.33.51.5146, 15.45.32.5145, 15.36.39.5144 and 15.40.46.5143 may allow an authenticated user to potentially denial of service via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-graphics_driversIntel(R) Graphics Drivers
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-3633
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-4.4||MEDIUM
EPSS-0.25% / 16.35%
||
7 Day CHG~0.00%
Published-21 Aug, 2019 | 15:16
Updated-04 Aug, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer overflow in DLP Endpoint for Windows

Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via a carefully constructed message sent to DLPe which bypasses DLPe internal checks and results in DLPe reading unallocated memory.

Action-Not Available
Vendor-McAfee, LLCMicrosoft Corporation
Product-windowsdata_loss_prevention_endpointData Loss Prevention (DLPe) for Windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-3634
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-4.4||MEDIUM
EPSS-0.25% / 16.01%
||
7 Day CHG~0.00%
Published-21 Aug, 2019 | 15:17
Updated-04 Aug, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer overflow in DLP Endpoint for Windows

Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via an encrypted message sent to DLPe which when decrypted results in DLPe reading unallocated memory.

Action-Not Available
Vendor-McAfee, LLCMicrosoft Corporation
Product-windowsdata_loss_prevention_endpointData Loss Prevention (DLPe) for Windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found