Security vulnerabilities and automated fixes for arduino issues
2 posts found
A high-severity stack buffer overflow vulnerability was discovered in the Adafruit GFX Library's `fontconvert` tool, where an unchecked `strcpy()` call could allow an attacker or malformed input to overwrite adjacent stack memory — including the saved return address. The fix replaces unsafe C string functions with bounds-checked alternatives (`snprintf`), closing a classic CWE-120 vulnerability that has plagued C codebases for decades. While the tool is primarily used during development, exploit
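As an added example (not the Adafruit GFX `fontconvert` code itself), the C program below models the CWE-120 pattern described above: a fixed-size name buffer copied into with an unchecked `strcpy()`, beside the same copy done with a length-bounded `snprintf()`. The "stack frame" is a constructed 16-byte object (8-byte buffer followed by a hypothetical saved return address), so the overflow stays inside one array and the demo is well-defined while still showing which word the overrun lands on; the return address value and the sample inputs are constructed, not taken from the post.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a stack frame: an 8-byte filename buffer followed
 * immediately by the saved return address. Both live in one byte array so
 * the overflow below stays inside a single object (well-defined for the demo)
 * while still showing what an unchecked copy does to the word after the buffer. */
#define BUF_LEN 8u
#define FRAME_LEN (BUF_LEN + sizeof(uint64_t))
#define SAVED_RET 0x0000000000401234ULL /* hypothetical return address */

typedef struct { unsigned char bytes[FRAME_LEN]; } frame_t;

static void frame_init(frame_t *f) {
    uint64_t ret = SAVED_RET;
    memset(f->bytes, 0, FRAME_LEN);
    memcpy(f->bytes + BUF_LEN, &ret, sizeof ret);
}

static uint64_t frame_ret(const frame_t *f) {
    uint64_t ret;
    memcpy(&ret, f->bytes + BUF_LEN, sizeof ret);
    return ret;
}

/* Before: the CWE-120 pattern. Nothing limits the copy to BUF_LEN, so an
 * input of BUF_LEN or more characters runs over the saved return address.
 * (The demo caller keeps strlen(input) < FRAME_LEN so the model frame itself
 * is not overrun; a real frame has no such guard.) */
static void copy_unchecked(frame_t *f, const char *input) {
    strcpy((char *)f->bytes, input);
}

/* After: the bounded form. snprintf writes at most BUF_LEN - 1 characters
 * plus the NUL, and its return value is the length it would have needed,
 * so truncation is detectable as well as harmless. Returns -1 on truncation. */
static int copy_bounded(frame_t *f, const char *input) {
    int wanted = snprintf((char *)f->bytes, BUF_LEN, "%s", input);
    return (wanted < 0 || (unsigned)wanted >= BUF_LEN) ? -1 : 0;
}

/* 1 if the unchecked copy of `input` clobbered the saved return address,
 * 0 if it stayed intact, -1 if the input is too long for the model frame. */
static int unchecked_clobbers_ret(const char *input) {
    frame_t f;
    if (strlen(input) >= FRAME_LEN) return -1;
    frame_init(&f);
    copy_unchecked(&f, input);
    return frame_ret(&f) != SAVED_RET;
}

/* 1 if the bounded copy left the saved return address intact and the
 * buffer NUL-terminated, 0 otherwise. */
static int bounded_preserves_ret(const char *input) {
    frame_t f;
    frame_init(&f);
    copy_bounded(&f, input);
    return frame_ret(&f) == SAVED_RET && strlen((char *)f.bytes) < BUF_LEN;
}

int main(void) {
    const char *font = "font.h";            /* constructed: fits in 8 bytes */
    const char *long_name = "AAAAAAAAAAAA"; /* constructed: 12 chars, overflows */
    printf("short name, strcpy:   ret clobbered = %d\n", unchecked_clobbers_ret(font));
    printf("long name,  strcpy:   ret clobbered = %d\n", unchecked_clobbers_ret(long_name));
    printf("long name,  snprintf: ret intact    = %d\n", bounded_preserves_ret(long_name));
    return 0;
}
```

The point to carry back to a real fix: `snprintf` bounds the write but silently truncates, so the return value should be checked and the truncated name rejected rather than used, otherwise the tool may quietly open the wrong file.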
A medium-severity vulnerability in the ESP32-audioI2S library allowed audio streaming credentials to be transmitted via HTTP Basic Authentication over unencrypted HTTP connections, making them trivially recoverable by anyone on the same network. The fix gates the Authorization header behind an SSL/TLS check, ensuring credentials are only sent when the connection is encrypted. For embedded IoT devices where credentials are often hardcoded in firmware, this kind of passive interception risk is esp
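As an added example (not code from ESP32-audioI2S), the C program below shows both halves of the issue: a request builder that emits `Authorization: Basic` credentials, with a `require_tls` switch standing in for the fix's SSL/TLS gate, and a passive observer that recovers the username and password from the plaintext request with nothing more than a base64 decode. The stream host, path and credentials are constructed, and the `is_tls` flag stands in for whatever the library's own connection object reports.

```c
#include <stdio.h>
#include <string.h>

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* RFC 4648 base64 encoder. Returns encoded length, or -1 if `out` is too small. */
static int b64_encode(const unsigned char *in, size_t n, char *out, size_t outlen) {
    size_t i, o = 0;
    if (outlen < 4 * ((n + 2) / 3) + 1) return -1;
    for (i = 0; i + 2 < n; i += 3) {
        unsigned v = (in[i] << 16) | (in[i + 1] << 8) | in[i + 2];
        out[o++] = B64[v >> 18]; out[o++] = B64[(v >> 12) & 63];
        out[o++] = B64[(v >> 6) & 63]; out[o++] = B64[v & 63];
    }
    if (i < n) { /* 1 or 2 trailing bytes, padded with '=' */
        unsigned v = (in[i] << 16) | (i + 1 < n ? in[i + 1] << 8 : 0);
        out[o++] = B64[v >> 18]; out[o++] = B64[(v >> 12) & 63];
        out[o++] = i + 1 < n ? B64[(v >> 6) & 63] : '=';
        out[o++] = '=';
    }
    out[o] = '\0';
    return (int)o;
}

/* Base64 decoder (what a sniffer runs on the captured header).
 * Returns decoded length, or -1 on malformed input. */
static int b64_decode(const char *in, unsigned char *out, size_t outlen) {
    size_t n = strlen(in), o = 0, i;
    if (n % 4) return -1;
    for (i = 0; i < n; i += 4) {
        unsigned v = 0; int k, pad = 0;
        for (k = 0; k < 4; k++) {
            const char *p = in[i + k] ? strchr(B64, in[i + k]) : NULL;
            if (in[i + k] == '=') { pad++; v <<= 6; continue; }
            if (!p || pad) return -1;            /* bad char, or data after '=' */
            v = (v << 6) | (unsigned)(p - B64);
        }
        if (pad > 2 || o + 3 - pad > outlen) return -1;
        out[o++] = (v >> 16) & 0xff;
        if (pad < 2) out[o++] = (v >> 8) & 0xff;
        if (pad < 1) out[o++] = v & 0xff;
    }
    return (int)o;
}

/* Request builder. With require_tls set (the fix), the Authorization header
 * is emitted only when the connection is TLS. Returns 1 if the header was
 * sent, 0 if it was withheld, -1 on error. */
static int build_request(const char *host, const char *path, const char *user,
                         const char *pass, int is_tls, int require_tls,
                         char *out, size_t outlen) {
    char cred[128], enc[192];
    int send_auth = is_tls || !require_tls;
    int n = snprintf(cred, sizeof cred, "%s:%s", user, pass);
    if (n < 0 || (size_t)n >= sizeof cred) return -1;
    if (b64_encode((const unsigned char *)cred, (size_t)n, enc, sizeof enc) < 0) return -1;
    n = snprintf(out, outlen, "GET %s HTTP/1.1\r\nHost: %s\r\n%s%s%s\r\n", path, host,
                 send_auth ? "Authorization: Basic " : "", send_auth ? enc : "",
                 send_auth ? "\r\n" : "");
    return (n < 0 || (size_t)n >= outlen) ? -1 : send_auth;
}

/* Passive observer: recover "user:pass" from bytes seen on the wire.
 * Returns 1 with `out` filled, 0 if no Basic header was present, -1 on error. */
static int recover_credentials(const char *wire, char *out, size_t outlen) {
    static const char key[] = "Authorization: Basic ";
    const char *p = strstr(wire, key), *e;
    char enc[192]; int n;
    if (!p) return 0;
    p += sizeof key - 1;
    e = strstr(p, "\r\n");
    if (!e || (size_t)(e - p) >= sizeof enc) return -1;
    memcpy(enc, p, (size_t)(e - p)); enc[e - p] = '\0';
    n = b64_decode(enc, (unsigned char *)out, outlen - 1);
    if (n < 0) return -1;
    out[n] = '\0';
    return 1;
}

int main(void) {
    /* Constructed stream host and credentials; not from the post. */
    char req[512], cred[128];
    int sent, seen;
    sent = build_request("radio.example", "/stream", "user", "s3cr3t", 0, 0, req, sizeof req);
    seen = recover_credentials(req, cred, sizeof cred);
    printf("plain HTTP, no gate: sent=%d sniffer got=%s\n", sent, seen == 1 ? cred : "(nothing)");
    sent = build_request("radio.example", "/stream", "user", "s3cr3t", 0, 1, req, sizeof req);
    seen = recover_credentials(req, cred, sizeof cred);
    printf("plain HTTP, gated:   sent=%d sniffer got=%s\n", sent, seen == 1 ? cred : "(nothing)");
    sent = build_request("radio.example", "/stream", "user", "s3cr3t", 1, 1, req, sizeof req);
    printf("TLS, gated:          sent=%d (header travels inside the TLS record)\n", sent);
    return 0;
}
```

Base64 is an encoding, not encryption: the gate is what matters, and the observer here needs no key material at all. A gated client should also treat the 0 return (header withheld on plaintext) as a configuration error to surface, since the server will answer 401 and the stream will simply fail to start.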