### Vulnerability Overview

- **CVE ID**: CVE-2026-30363
- **Vulnerability Type**: Potential Stack Overflow
- **Description**: A potential stack overflow vulnerability exists in the `main` function due to insufficient stack allocation. The `main` function is created with a fixed stack size of 1024 bytes, but static stack usage analysis indicates that the worst-case call chain may require approximately 1464 bytes of stack space. This mismatch between allocated and required stack size may lead to a potential stack overflow condition during execution.

### Scope of Impact

- **Affected Versions**: flipperzero-firmware (commit ad2a890 and possibly earlier versions)
- **Potential Impact**:
  - System crash
  - Undefined behavior

### Remediation

- **Verification Steps**:
  1. Enable stack usage analysis:
     - Add `-fstack-usage` to compiler flags
  2. Build the project
  3. Inspect the generated `.su` files
  4. Observe whether the `main` call chain exceeds the allocated stack size

### References

- [GitHub Issue](https://github.com/flipperdevices/flipperzero-firmware/issues/4332)

### Code Block

````plaintext
# CVE-2026-30363: Potential Stack Overflow in main (flipperzero-firmware)

## Summary

A potential stack overflow vulnerability exists in the main function due to insufficient stack allocation.

## Affected Versions

- flipperzero-firmware (commit ad2a890 and possibly earlier versions)

## Description

The main function is created with a fixed stack size of 1024 bytes:

```
_stack_size = 0x400; /* required amount of stack */
```

However, static stack usage analysis indicates that the worst-case call chain may require approximately 1464 bytes of stack space.

This mismatch between allocated and required stack size may lead to a potential stack overflow condition during execution.

## Impact

This issue may lead to:

- System crash
- Undefined behavior

## Proof of Concept

1. Enable stack usage analysis:
   - Add `-fstack-usage` to compiler flags
2. Build the project
3. Inspect generated `.su` files
4. Observe that main call chain exceeds allocated stack size

## References

- https://github.com/flipperdevices/flipperzero-firmware/issues/4332
````
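The verification steps above can be automated. The following is an added example, not code from the advisory or from the flipperzero-firmware project: it parses GCC `.su` output and finds the deepest call chain from `main`, comparing it with the 0x400-byte stack. The function names, byte counts and call graph are constructed for illustration; `.su` files carry no call edges, so the graph must come from another source such as GCC's `-fcallgraph-info`.

```python
# Added example: worst-case stack depth from GCC -fstack-usage (.su) output.
STACK_SIZE = 0x400  # _stack_size from the advisory (1024 bytes)

# Constructed .su lines: file:line:col:function<TAB>bytes<TAB>qualifier
SAMPLE_SU = (
    "app/main.c:10:5:main\t96\tstatic\n"
    "app/init.c:42:6:board_init\t312\tstatic\n"
    "app/init.c:88:13:load_config\t520\tdynamic,bounded\n"
    "lib/fmt.c:17:5:format_line\t264\tstatic\n"
    "lib/log.c:9:6:log_write\t48\tstatic\n"
)
# Constructed call graph (caller -> callees); hypothetical function names.
SAMPLE_CALLS = {
    "main": ["board_init", "log_write"],
    "board_init": ["load_config"],
    "load_config": ["format_line", "log_write"],
    "format_line": ["log_write"],
}

def parse_su(text):
    """Return {function: (frame_bytes, qualifier)} from .su file contents."""
    usage = {}
    for line in text.splitlines():
        if line.strip():
            location, size, qualifier = line.split("\t")
            usage[location.rsplit(":", 1)[1]] = (int(size), qualifier)
    return usage

def worst_chain(func, usage, calls, path=()):
    """Return (total_bytes, chain) for the deepest call path starting at func."""
    if func in path:
        raise ValueError("recursion via %s: depth is not statically bounded" % func)
    own = usage[func][0]
    best = (own, [func])
    for callee in calls.get(func, []):
        depth, chain = worst_chain(callee, usage, calls, path + (func,))
        if own + depth > best[0]:
            best = (own + depth, [func] + chain)
    return best

def check(entry="main", su=SAMPLE_SU, calls=SAMPLE_CALLS, limit=STACK_SIZE):
    """Summarise the worst chain and whether it exceeds the stack limit."""
    usage = parse_su(su)
    total, chain = worst_chain(entry, usage, calls)
    unbounded = [f for f in chain if usage[f][1] == "dynamic"]  # e.g. alloca/VLA
    return {"total": total, "chain": chain, "over": total > limit, "unbounded": unbounded}

if __name__ == "__main__":
    print(check())
```

Functions on the chain whose qualifier is plain `dynamic` are listed separately because their reported size is only a lower bound.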