CVE-2023-48692

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-48692
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-48692.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-48692
Aliases
  • GHSA-m2rx-243p-9w64
Published
2023-12-05T00:24:44.801Z
Modified
2025-11-29T14:59:17.813853Z
Severity
  • 9.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
Azure RTOS NetX Duo Remote Code Execution Vulnerability
Details

Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NetX Duo. The affected components include processes/functions related to ICMP, TCP, SNMP, DHCP, NAT and FTP in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/48xxx/CVE-2023-48692.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-787",
        "CWE-825"
    ]
}

Affected packages

Git / github.com/azure-rtos/netxduo

Affected ranges

Type
GIT
Repo
https://github.com/azure-rtos/netxduo
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.3.0"
        }
    ]
}

Affected versions

v6.*

v6.0.1_rel
v6.0.2_rel
v6.0_rel
v6.1.10_rel
v6.1.11_rel
v6.1.12_rel
v6.1.2_rel
v6.1.3_rel
v6.1.4_rel
v6.1.5_rel
v6.1.6_rel
v6.1.7_rel
v6.1.8_rel
v6.1.9_rel
v6.1_rel
v6.2.0_rel
v6.2.1_rel