CYBER VOICE PR | THREAT INTEL – Vulnerabilities in Eclipse ThreadX Could Lead to Code Execution

Gibraltar: Tuesday, 5 June 2024 at 11:00 CET

CYBER VOICE PR | THREAT INTEL: Vulnerabilities in Eclipse ThreadX Could Lead to Code Execution
Syndicated via: CYBERInsights/CYBERVoice
SME Cybersecurity PR
Google Indexed on 050624 at 13:40 CET

#CYBERVoice #SMECyberPR #SMECybersecurityNews #ThreatIntel #Humanativa

It has been reported that Humanativa Group has published information on several vulnerabilities found in Eclipse ThreadX, a real-time operating system for IoT devices. Designed for devices with limited resources, Eclipse ThreadX is an open-source platform for real-time applications and an advanced embedded development suite. Analysing the publicly available ThreadX source code, Humanativa Group’s Marco Ivaldi identified multiple vulnerabilities that could lead to memory corruption and which could be exploited to cause denial-of-service (DoS) conditions or to execute arbitrary code. Learn More/…

Commenting on this, Thomas Richards, principal consultant at the Synopsys Software Integrity Group, said, “The vulnerabilities disclosed hark back to the 90s when there were little secure coding guidelines for low-level languages. Buffer overflows are one of the earliest security vulnerabilities created by unsafe functions that do not perform bounds checking on the input. These types of vulnerabilities are quite rare in modern developed software, and by the number of vulnerabilities disclosed, there appears to be a gap in their secure coding guidelines and static code analysis. The original code for ThreadX was released in 1997, which will introduce several challenges with legacy code within the codebase. A thorough review of the legacy code should be conducted for any unsafe functions or boundless memory allocations.”