
AIKIDO-2025-10241

Azure.azure-c-shared-utility is vulnerable to Heap Buffer Overflow

Heap Buffer Overflow | CVE-2024-29195 | Published Apr 17, 2025

60 (Medium Risk)

This Affects:

c++ Azure.azure-c-shared-utility
1.1.1 - 2023.12.01
Fixed in 2024.02.08

TL;DR

Affected versions of the azure-c-shared-utility package are vulnerable to integer wraparound, under-allocation, or heap buffer overflow due to insufficient parameter validation. These flaws in buffer length handling can be exploited to achieve remote code execution (RCE) under specific conditions. Successful exploitation requires a compromised Azure account capable of sending malformed payloads via the IoT Hub service, bypassing the 128KB payload limit, and the ability to overwrite executable memory on the target device.
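The bug class described above (a length sum that wraps, an under-sized allocation, then a copy past the end of the heap block) and the validation that prevents it, as an added illustration that is not code from azure-c-shared-utility. The `demo_buffer` type and both function names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical buffer type for illustration; not the library's own type. */
typedef struct {
    unsigned char *data;
    size_t size;
} demo_buffer;

/* What an unvalidated length computation yields: size_t addition is
 * modular, so old_size + extra can come out SMALLER than old_size.
 * Handing that sum to realloc() under-allocates, and the copy that
 * follows writes past the end of the heap block. */
size_t unchecked_total(size_t old_size, size_t extra)
{
    return old_size + extra; /* wraps silently on overflow */
}

/* Hardened append: reject NULL arguments and any length whose sum would
 * wrap before touching the allocator. Returns 0 on success, -1 on error;
 * on error the buffer is left unchanged. */
int demo_buffer_append(demo_buffer *b, const unsigned char *src, size_t extra)
{
    unsigned char *p;

    if (b == NULL || (src == NULL && extra != 0))
        return -1;
    if (extra == 0)
        return 0;
    if (extra > SIZE_MAX - b->size) /* sum would wrap: refuse */
        return -1;

    p = realloc(b->data, b->size + extra);
    if (p == NULL)
        return -1; /* original block is still valid and still owned by b */

    memcpy(p + b->size, src, extra);
    b->data = p;
    b->size += extra;
    return 0;
}
```

The same check applies to multiplications (`count > SIZE_MAX / elem_size`) wherever an attacker-influenced length feeds an allocation size.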

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

Azure.azure-c-shared-utility is vulnerable to Heap Buffer Overflow in versions 1.1.1 - 2023.12.01.

How to fix this

Upgrade the Azure.azure-c-shared-utility library to a patched version. The fix is in 2024.02.08.