CVE-2024-57257
CVSS 3.1 Score 2 of 10 (low)
Details
Summary
CVE-2024-57257 is a stack consumption vulnerability in the sqfs_size function of Das U-Boot versions prior to 2025.01-rc1. It is triggered by a crafted squashfs filesystem containing deep symlink nesting. Successful exploitation can result in stack overflow and memory corruption, potentially leading to arbitrary code execution and system compromise. Squashfs is a popular file system used in various embedded systems and IoT devices, so this vulnerability carries significant potential impact on these types of applications. Users are strongly recommended to upgrade to a patched version of Das U-Boot as soon as possible to mitigate the risk.
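The following is an added sketch, not U-Boot's code or its actual patch: a recursive size lookup over a constructed toy inode table, with a nesting counter that stops symlink resolution before unbounded recursion can consume the stack. The names `toy_size`, `size_nest`, `MAX_SYMLINK_NEST` and the cap of 8 are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define MAX_SYMLINK_NEST 8 /* assumed cap for this sketch */

struct toy_inode {
    const char *name;
    const char *target; /* non-NULL: symlink pointing at this name */
    long size;          /* meaningful only for regular files */
};

/* Constructed sample "image": one file, a short chain, and a cycle. */
static const struct toy_inode image[] = {
    { "kernel", NULL, 4096 },
    { "a", "kernel", 0 },
    { "b", "a", 0 },
    { "loop1", "loop2", 0 },
    { "loop2", "loop1", 0 },
};

static const struct toy_inode *lookup(const char *name)
{
    for (size_t i = 0; i < sizeof(image) / sizeof(image[0]); i++)
        if (strcmp(image[i].name, name) == 0)
            return &image[i];
    return NULL;
}

/* Recursive size lookup that follows symlinks, bounded by nest. */
static long size_nest(const char *name, int nest)
{
    const struct toy_inode *ino;

    if (nest > MAX_SYMLINK_NEST)
        return -ELOOP; /* refuse before another frame is pushed */
    ino = lookup(name);
    if (!ino)
        return -ENOENT;
    if (ino->target)
        return size_nest(ino->target, nest + 1);
    return ino->size;
}

/* Public entry point: every lookup starts at nesting level 0. */
long toy_size(const char *name)
{
    return size_nest(name, 0);
}
```

Without the `nest` check, the `loop1`/`loop2` cycle in the sample table would recurse until the stack is exhausted; with it, the lookup fails cleanly with `-ELOOP`.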