CVE-2026-30363
Stack Overflow in Flipper Zero Firmware
Publication date: 2026-05-01
Last updated on: 2026-05-05
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| flipperdevices | flipperzero-firmware | From ad2a800 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-30363 is a stack overflow vulnerability found in the main function of the flipperzero-firmware project. The main function is allocated a fixed stack size of 1024 bytes, but analysis shows that the actual stack usage can reach up to 1464 bytes due to a deep call chain involving multiple nested function calls. This means the program uses more stack memory than allocated, which can cause a stack overflow.
This overflow occurs because the worst-case call chain starting from the main function includes functions like flipper_boot_update_exec and flipper_update_process_manifest, which together consume more stack space than allocated. The vulnerability was discovered by compiling the firmware with the `-fstack-usage` flag to track stack usage per function.
How can this vulnerability impact me?
This stack overflow vulnerability can lead to system crashes or undefined behavior in devices running the affected flipperzero-firmware. When the stack overflows, it may overwrite adjacent memory, potentially causing the firmware to malfunction, become unstable, or crash unexpectedly.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by analyzing the stack usage of the main function in the flipperzero-firmware. Specifically, enabling stack usage analysis during compilation helps identify if the stack usage exceeds the allocated size.
A suggested method is to add the compiler flag `-fstack-usage` when building the firmware. This flag generates stack usage files (.su) for each function, which can then be inspected to determine the stack consumption.
For example, in the build environment:
- Add `-fstack-usage` to the compiler flags in your build configuration.
- Build the firmware project.
- Inspect the generated `.su` files, especially for the main function and its call chain, to check if the stack usage exceeds 1024 bytes.
If the main function's stack usage is above 1024 bytes (e.g., around 1464 bytes as reported), this indicates the presence of the vulnerability.
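The inspection step above can be scripted. The following is an added example, not code from the advisory or from the flipperzero-firmware project: it parses GCC `.su` content and sums frame sizes along the deepest call chain from `main` against the 1024-byte allocation. The per-function byte counts, the call edges, the order of the chain and `example_other_callee` are constructed assumptions.

```python
# Constructed sample in GCC .su format: "file:line:col:function<TAB>bytes<TAB>qualifier".
# Byte counts are illustrative, not the values measured for this CVE.
SAMPLE_SU = (
    "main.c:40:5:main\t64\tstatic\n"
    "update.c:120:6:flipper_boot_update_exec\t520\tstatic\n"
    "update.c:60:13:flipper_update_process_manifest\t608\tdynamic,bounded\n"
    "update.c:30:13:example_other_callee\t296\tstatic\n"  # hypothetical function
)
# .su files carry no call graph; these edges are assumed for the example.
CALLS = {
    "main": ["flipper_boot_update_exec"],
    "flipper_boot_update_exec": ["flipper_update_process_manifest", "example_other_callee"],
}
STACK_BUDGET = 1024  # bytes allocated to main, per the advisory


def parse_su(text):
    """Return {function: (bytes, qualifier)} from .su file content."""
    frames = {}
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        func = parts[0].rsplit(":", 1)[-1]  # last ':' field is the C function name
        frames[func] = (int(parts[1]), parts[2])
    return frames


def worst_case(func, frames, calls, seen=()):
    """Deepest stack use starting at func, and the chain that produces it."""
    if func in seen:  # a static sum cannot bound recursion
        raise ValueError("recursion: " + " -> ".join(seen + (func,)))
    own = frames.get(func, (0, "unknown"))[0]
    best_total, best_chain = 0, []
    for callee in calls.get(func, []):
        total, chain = worst_case(callee, frames, calls, seen + (func,))
        if total > best_total:
            best_total, best_chain = total, chain
    return own + best_total, [func] + best_chain


def check(entry="main", budget=STACK_BUDGET):
    """Compare the worst-case chain from entry against the stack budget."""
    total, chain = worst_case(entry, parse_su(SAMPLE_SU), CALLS)
    return {"total": total, "chain": chain, "over_budget": total > budget}


if __name__ == "__main__":
    print(check())
```

The sum covers only the frames listed in the `.su` files; call edges have to come from source review or a call-graph tool, and any function reported with a plain `dynamic` qualifier has no static upper bound.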
What immediate steps should I take to mitigate this vulnerability?
To mitigate the stack overflow vulnerability in the main function of the flipperzero-firmware, immediate steps include analyzing and increasing the allocated stack size for the main thread beyond the current 1024 bytes to accommodate the worst-case stack usage of approximately 1464 bytes.
Additionally, developers should use the compiler flag `-fstack-usage` to monitor stack usage per function and identify problematic call chains that contribute to excessive stack consumption.
Reviewing and refactoring the deep call stack in the main function to reduce stack usage can also help prevent overflow.
Until a patched firmware version is released, avoid using firmware versions at or before commit ad2a800 that contain this vulnerability.