Chan Fatfs
7 CVEs affecting Chan Fatfs. Latest disclosed: 2026-07-01. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-6688 | High | 7.6 | 2026-07-01 | FatFs R0.16 and earlier contains a downstream-caller vulnerability pattern associated with FatFs long filename handling. With LFN enabled, fno.fname can be up… |
| CVE-2026-6687 | High | 7.6 | 2026-07-01 | FatFs R0.16 and earlier contains a stack overflow bug in f_getlabel() because exFAT label length (XDIR_NumLabel) is trusted without enforcing spec maximums. Th… |
| CVE-2026-6682 | High | 7.6 | 2026-07-01 | FatFs R0.16 and earlier contains a FAT32 integer overflow bug in mount_volume() where fasize *= fs->n_fats can wrap, leading to attacker-controlled file-siz… |
| CVE-2026-6685 | Medium | 6.1 | 2026-07-01 | FatFs R0.16 and earlier exhibits a stale dirty-cache skip via unsigned-subtraction wrap in f_read() / f_write() (fp->sect - sect < cc) during interleaved read/… |
| CVE-2026-6686 | Medium | 4.6 | 2026-07-01 | FatFs R0.16 and earlier contains an uninitialized cluster exposure when f_lseek() extends files beyond EOF without zero-filling newly allocated clusters. This… |
| CVE-2026-6684 | Medium | 4.6 | 2026-07-01 | FatFs versions prior to R0.16 that use GPT scanning with 'FF_LBA64 = 1' contain an issue with an unbounded loop count derived from GPT header field GPTH_PtNum, enabli… |
| CVE-2026-6683 | Medium | 4.6 | 2026-07-01 | FatFs R0.16 and earlier contains a divide-by-zero bug in exFAT sync logic when crafted metadata causes n_fatent - 2 to be zero during write/sync operations. Th… |