Striso Control Firmware Buffer Overflow Vulnerability in ThreadReadButtons Function

Vulnerability

A buffer overflow vulnerability has been identified in the Striso Control Firmware version 54c9722. The issue arises in the function ThreadReadButtons, where the thread is allocated a working area that may not be sufficient to handle the actual stack usage, potentially leading to a stack overflow.

Impact

Exploitation of this vulnerability could result in a stack overflow, which may allow for arbitrary code execution or cause a denial-of-service condition by crashing the device.

Reproduction

To reproduce this vulnerability, build the Striso Control Firmware normally, then modify the Makefile to include optimization flags that enable stack usage analysis. After rebuilding the firmware with these flags, the stack usage file will indicate that the ThreadReadButtons function requires 248 bytes of stack, exceeding the 128 bytes allocated. This discrepancy creates a potential for stack overflow.
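The comparison described under Reproduction, as an added example that is not part of the advisory or the Striso code base: it parses a stack usage file, assumed here to be GCC's -fstack-usage .su output, and checks each thread function's frame against its working-area size. The file names, the two example_* functions and the budget table are constructed for illustration.

```python
import re
from typing import NamedTuple

# GCC -fstack-usage line: "<file>:<line>:<col>:<function>\t<bytes>\t<qualifier>"
_LOCATION = re.compile(r"^(.*?):(\d+):(\d+):(.+)$")

class Frame(NamedTuple):
    function: str
    size: int        # bytes used by this function's own frame
    qualifier: str   # "static", "dynamic" or "dynamic,bounded"

def parse_su(text):
    """Parse .su text, skipping lines that do not match the format."""
    frames = []
    for raw in text.splitlines():
        fields = raw.strip().split("\t")
        if len(fields) != 3 or not fields[1].isdigit():
            continue
        loc = _LOCATION.match(fields[0])
        if loc:
            frames.append(Frame(loc.group(4), int(fields[1]), fields[2]))
    return frames

def check_budgets(frames, budgets):
    """Return (function, reason) for every thread entry function at risk."""
    findings = []
    for frame in frames:
        budget = budgets.get(frame.function)
        if budget is None:
            continue  # not a thread entry point we track
        if frame.size > budget:
            findings.append((frame.function,
                f"frame {frame.size} B exceeds working area {budget} B "
                f"by {frame.size - budget} B"))
        elif frame.qualifier == "dynamic":
            # alloca/VLA with no compile-time bound: the size is only a minimum
            findings.append((frame.function, "unbounded dynamic stack use"))
    return findings

# Constructed sample: only the ThreadReadButtons figures come from the advisory.
SAMPLE_SU = (
    "main.c:41:13:ThreadReadButtons\t248\tstatic\n"
    "main.c:90:13:example_ok_thread\t96\tstatic\n"
    "main.c:130:13:example_vla_thread\t64\tdynamic\n"
)
# Working-area sizes in bytes (hypothetical table, maintained by hand).
BUDGETS = {"ThreadReadButtons": 128, "example_ok_thread": 256,
           "example_vla_thread": 256}

if __name__ == "__main__":
    for function, reason in check_budgets(parse_su(SAMPLE_SU), BUDGETS):
        print(f"{function}: {reason}")
```

The .su figure covers only the function's own frame; frames of the functions it calls add to it, so a frame that already exceeds the working area is a lower bound on the shortfall.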

Added: May 13, 2026, 6:50 PM
Updated: May 13, 2026, 6:50 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 6.0
remediation: 0.0
relevance: 8.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.