Description

NeKernal is a free and open-source operating system stack. Version 0.0.2 has a 1-byte heap overflow in `rt_copy_memory`, which unconditionally wrote a null terminator at `dst[len]`. When `len` equals the size of the destination buffer (256 bytes), that extra `'\0'` write overruns the buffer by one byte. To avoid breaking existing callers or changing the public API, the patch in commit fb7b7f658327f659c6a6da1af151cb389c2ca4ee takes a minimal approach: it simply removes the overflow-causing line without adding bounds checks or altering the function signature.

INFO

Published Date :

2025-06-02T11:21:48.580Z

Last Modified :

2025-06-02T16:39:42.539Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-48990 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-48990.

URL Resource
https://github.com/nekernel-org/nekernel/commit/fb7b7f658327f659c6a6da1af151cb389c2ca4ee cve-icon cve-icon
https://github.com/nekernel-org/nekernel/security/advisories/GHSA-jvvh-fp57-2p32 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability