Vulnerabilites related to zephyrproject-rtos - Zephyr
CVE-2023-2234 (GCVE-0-2023-2234)
Vulnerability from cvelistv5
Published
2023-07-10 04:33
Modified
2024-11-07 15:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Summary
Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:13.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx9g-8fr2-q899"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zephyr",
"vendor": "zephyrproject",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2234",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T15:19:43.330544Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T15:20:13.942Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host."
}
],
"value": "Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T04:33:35.254Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx9g-8fr2-q899"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "BT HCI host union variant confusion",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-2234",
"datePublished": "2023-07-10T04:33:35.254Z",
"dateReserved": "2023-04-21T17:15:56.122Z",
"dateUpdated": "2024-11-07T15:20:13.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10067 (GCVE-0-2020-10067)
Vulnerability from cvelistv5
Published
2020-05-11 22:26
Modified
2024-09-16 16:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-190 - Integer Overflow or Wraparound
Summary
A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 1.14.1 < unspecified Version: 2.1.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.798Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-27"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23239"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23653"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23654"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.1",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:37",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-27"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23239"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23653"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23654"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-27"
],
"discovery": "EXTERNAL"
},
"title": "Integer Overflow In is_in_region Allows User Thread To Access Kernel Memory",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10067",
"STATE": "PUBLIC",
"TITLE": "Integer Overflow In is_in_region Allows User Thread To Access Kernel Memory"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.14.1"
},
{
"version_affected": "\u003e=",
"version_value": "2.1.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-27",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-27"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23239",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23239"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23653",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23653"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23654",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23654"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-27"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10067",
"datePublished": "2020-05-11T22:26:17.372048Z",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-09-16T16:37:34.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3332 (GCVE-0-2024-3332)
Vulnerability from cvelistv5
Published
2024-07-03 16:44
Modified
2024-08-01 20:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
A malicious BLE device can send a specific order of packet sequence to cause a DoS attack on the victim BLE device
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zephyrproject-rtos:zephyr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3332",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-03T17:43:22.944853Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T18:00:13.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:08.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-jmr9-xw2v-5vf4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A malicious BLE device can send a specific order of packet sequence to cause a DoS attack on the victim BLE device"
}
],
"value": "A malicious BLE device can send a specific order of packet sequence to cause a DoS attack on the victim BLE device"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T16:44:28.197Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-jmr9-xw2v-5vf4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "bt: host/smp: DoS caused by null pointer dereference",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2024-3332",
"datePublished": "2024-07-03T16:44:28.197Z",
"dateReserved": "2024-04-04T17:09:09.444Z",
"dateUpdated": "2024-08-01T20:05:08.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13603 (GCVE-0-2020-13603)
Vulnerability from cvelistv5
Published
2021-05-24 21:40
Modified
2024-09-16 23:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-190 - Integer Overflow or Wraparound ()
Summary
Integer Overflow in memory allocating functions. Zephyr versions >= 1.14.2, >= 2.4.0 contain Integer Overflow or Wraparound (CWE-190). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 1.14.2 < unspecified Version: 2.4.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.2",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.4.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer Overflow in memory allocating functions. Zephyr versions \u003e= 1.14.2, \u003e= 2.4.0 contain Integer Overflow or Wraparound (CWE-190). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "Integer Overflow or Wraparound (CWE-190)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T21:40:29",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45"
]
},
"title": "Integer Overflow in memory allocating functions",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-03-23T00:00:00.000Z",
"ID": "CVE-2020-13603",
"STATE": "PUBLIC",
"TITLE": "Integer Overflow in memory allocating functions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.14.2"
},
{
"version_affected": "\u003e=",
"version_value": "2.4.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer Overflow in memory allocating functions. Zephyr versions \u003e= 1.14.2, \u003e= 2.4.0 contain Integer Overflow or Wraparound (CWE-190). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 7,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"temporalScore": 6.9,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer Overflow or Wraparound (CWE-190)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-13603",
"datePublished": "2021-05-24T21:40:30.045607Z",
"dateReserved": "2020-05-26T00:00:00",
"dateUpdated": "2024-09-16T23:36:24.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1673 (GCVE-0-2025-1673)
Vulnerability from cvelistv5
Published
2025-02-25 07:12
Modified
2025-02-28 17:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read
Summary
A malicious or malformed DNS packet without a payload can cause an out-of-bounds read, resulting in a crash (denial of service) or an incorrect computation.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1673",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T17:04:30.075858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T17:04:42.244Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out of bounds read when calling crc16_ansi and strlen in dns_validate_msg"
}
],
"value": "A malicious or malformed DNS packet without a payload can cause an out-of-bounds read, resulting in a crash (denial of service) or an incorrect computation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T07:12:13.455Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-jjhx-rrh4-j8mx"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out of bounds read when calling crc16_ansi and strlen in dns_validate_msg",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2025-1673",
"datePublished": "2025-02-25T07:12:13.455Z",
"dateReserved": "2025-02-25T06:01:00.388Z",
"dateUpdated": "2025-02-28T17:04:42.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3436 (GCVE-0-2021-3436)
Vulnerability from cvelistv5
Published
2021-10-05 20:50
Modified
2024-09-16 20:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-694 - Use of Multiple Resources with Duplicate Identifier ()
Summary
BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions >= 1.14.2, >= 2.4.0, >= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 1.14.2 < unspecified Version: 2.4.0 < unspecified Version: 2.5.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.2",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.4.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions \u003e= 1.14.2, \u003e= 2.4.0, \u003e= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-694",
"description": "Use of Multiple Resources with Duplicate Identifier (CWE-694)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-05T20:50:15",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63"
]
},
"title": "BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-06-11T00:00:00.000Z",
"ID": "CVE-2021-3436",
"STATE": "PUBLIC",
"TITLE": "BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.14.2"
},
{
"version_affected": "\u003e=",
"version_value": "2.4.0"
},
{
"version_affected": "\u003e=",
"version_value": "2.5.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions \u003e= 1.14.2, \u003e= 2.4.0, \u003e= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 4.3,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Multiple Resources with Duplicate Identifier (CWE-694)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3436",
"datePublished": "2021-10-05T20:50:15.802366Z",
"dateReserved": "2021-03-11T00:00:00",
"dateUpdated": "2024-09-16T20:31:46.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1901 (GCVE-0-2023-1901)
Vulnerability from cvelistv5
Published
2023-07-10 04:37
Modified
2024-11-07 15:19
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:05:26.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xvvm-8mcm-9cq3"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zephyr",
"vendor": "zephyrproject",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1901",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T15:11:58.244687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-672",
"description": "CWE-672 Operation on a Resource after Expiration or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T15:19:24.502Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T04:37:33.126Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xvvm-8mcm-9cq3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCI send_sync Dangling Semaphore Reference Re-use",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-1901",
"datePublished": "2023-07-10T04:37:33.126Z",
"dateReserved": "2023-04-05T22:11:42.140Z",
"dateUpdated": "2024-11-07T15:19:24.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10063 (GCVE-0-2020-10063)
Vulnerability from cvelistv5
Published
2020-06-05 17:37
Modified
2024-09-17 04:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-190 - Integer Overflow or Wraparound
Summary
A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 2.2.0 < unspecified Version: 2.1.0 < unspecified Version: 1.14.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-55"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10063"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24435"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24531"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24535"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24530"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.2.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:37",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-55"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10063"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24435"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24531"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24535"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24530"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-55"
],
"discovery": "EXTERNAL"
},
"title": "Remote Denial of Service in CoAP Option Parsing Due To Integer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-25T00:00:00.000Z",
"ID": "CVE-2020-10063",
"STATE": "PUBLIC",
"TITLE": "Remote Denial of Service in CoAP Option Parsing Due To Integer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "2.2.0"
},
{
"version_affected": "\u003e=",
"version_value": "2.1.0"
},
{
"version_affected": "\u003e=",
"version_value": "1.14.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-55",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-55"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10063",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10063"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24435",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24435"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24531",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24531"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24535",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24535"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24530",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24530"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-55"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10063",
"datePublished": "2020-06-05T17:37:37.314752Z",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-09-17T04:03:51.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6443 (GCVE-0-2024-6443)
Vulnerability from cvelistv5
Published
2024-10-04 05:56
Modified
2024-10-04 13:50
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "zephyr",
"vendor": "zephyrproject",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6443",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T13:49:49.688130Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T13:50:42.760Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "zephyr: out-of-bound read in utf8_trunc"
}
],
"value": "In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T05:56:30.135Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gg46-3rh2-v765"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "zephyr: out-of-bound read in utf8_trunc",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2024-6443",
"datePublished": "2024-10-04T05:56:30.135Z",
"dateReserved": "2024-07-02T06:00:55.818Z",
"dateUpdated": "2024-10-04T13:50:42.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10019 (GCVE-0-2020-10019)
Vulnerability from cvelistv5
Published
2020-05-11 22:26
Modified
2024-09-17 02:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Overflow
Summary
USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. This could be used by a malicious USB host to exploit the buffer overflow. See NCC-ZEP-002 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 1.14.1 < unspecified Version: 2.1.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-25"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23190"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23457"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23460"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.1",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. This could be used by a malicious USB host to exploit the buffer overflow. See NCC-ZEP-002 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:36",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-25"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23190"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23457"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23460"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10019"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-25"
],
"discovery": "EXTERNAL"
},
"title": "Buffer Overflow in USB DFU requested length",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10019",
"STATE": "PUBLIC",
"TITLE": "Buffer Overflow in USB DFU requested length"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.14.1"
},
{
"version_affected": "\u003e=",
"version_value": "2.1.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. This could be used by a malicious USB host to exploit the buffer overflow. See NCC-ZEP-002 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-25",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-25"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23190",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23190"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23457",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23457"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23460",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23460"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10019",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10019"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-25"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10019",
"datePublished": "2020-05-11T22:26:11.452886Z",
"dateReserved": "2020-03-03T00:00:00",
"dateUpdated": "2024-09-17T02:12:14.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10059 (GCVE-0-2020-10059)
Vulnerability from cvelistv5
Published
2020-05-11 22:26
Modified
2024-09-17 02:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-295 - Improper Certificate Validation
Summary
The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 2.1.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24954"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24999"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24997"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:37",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24954"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24999"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24997"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36"
],
"discovery": "EXTERNAL"
},
"title": "UpdateHub Module Explicitly Disables TLS Verification",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10059",
"STATE": "PUBLIC",
"TITLE": "UpdateHub Module Explicitly Disables TLS Verification"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "2.1.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24954",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24954"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24999",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24999"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24997",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24997"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10059",
"datePublished": "2020-05-11T22:26:16.442001Z",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-09-17T02:07:14.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0397 (GCVE-0-2023-0397)
Vulnerability from cvelistv5
Published
2023-01-19 00:00
Modified
2025-04-03 17:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions ()
Summary
A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:10:55.717Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wc2h-h868-q7hj"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0397",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T15:49:30.912838Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T17:03:20.150Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "v3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-01-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "Improper Check or Handling of Exceptional Conditions (CWE-703)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-19T00:00:00.000Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wc2h-h868-q7hj"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wc2h-h868-q7hj"
]
},
"title": "DoS: Invalid Initialization in le_read_buffer_size_complete"
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-0397",
"datePublished": "2023-01-19T00:00:00.000Z",
"dateReserved": "2023-01-19T00:00:00.000Z",
"dateUpdated": "2025-04-03T17:03:20.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10028 (GCVE-0-2020-10028)
Vulnerability from cvelistv5
Published
2020-05-11 22:26
Modified
2024-09-16 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 1.14.0 < unspecified Version: 2.1.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-32"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23308"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23733"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23737"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:36",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-32"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23308"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23733"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23737"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10028"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-32"
],
"discovery": "EXTERNAL"
},
"title": "Multiple Syscalls In GPIO Subsystem Performs No Argument Validation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10028",
"STATE": "PUBLIC",
"TITLE": "Multiple Syscalls In GPIO Subsystem Performs No Argument Validation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.14.0"
},
{
"version_affected": "\u003e=",
"version_value": "2.1.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-32",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-32"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23308",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23308"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23733",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23733"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23737",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23737"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10028",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10028"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-32"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10028",
"datePublished": "2020-05-11T22:26:15.474877Z",
"dateReserved": "2020-03-03T00:00:00",
"dateUpdated": "2024-09-16T17:09:14.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6444 (GCVE-0-2024-6444)
Vulnerability from cvelistv5
Published
2024-10-04 06:14
Modified
2024-10-04 13:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "zephyr",
"vendor": "zephyrproject",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6444",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T13:48:21.272000Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T13:49:14.058Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Bluetooth: ots: missing buffer length check"
}
],
"value": "No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T06:14:26.348Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-qj4r-chj6-h7qp"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Bluetooth: ots: missing buffer length check",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2024-6444",
"datePublished": "2024-10-04T06:14:26.348Z",
"dateReserved": "2024-07-02T06:07:28.811Z",
"dateUpdated": "2024-10-04T13:49:14.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4785 (GCVE-0-2024-4785)
Vulnerability from cvelistv5
Published
2024-08-19 22:10
Modified
2024-08-22 14:28
Severity ?
VLAI Severity ?
EPSS score ?
Summary
BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4785",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T14:27:50.440384Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T14:28:01.854Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero"
}
],
"value": "BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "Divide By Zero",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T22:10:05.249Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xcr5-5g98-mchp"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2024-4785",
"datePublished": "2024-08-19T22:10:05.249Z",
"dateReserved": "2024-05-10T19:03:31.098Z",
"dateUpdated": "2024-08-22T14:28:01.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6442 (GCVE-0-2024-6442)
Vulnerability from cvelistv5
Published
2024-10-04 05:36
Modified
2024-10-04 13:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "zephyr",
"vendor": "zephyrproject",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6442",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T13:51:06.391128Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T13:52:10.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Bluetooth: ASCS Unchecked tailroom of the response buffer"
}
],
"value": "In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T05:36:10.488Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-m22j-ccg7-4v4h"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Bluetooth: ASCS Unchecked tailroom of the response buffer",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2024-6442",
"datePublished": "2024-10-04T05:36:10.488Z",
"dateReserved": "2024-07-02T05:35:41.910Z",
"dateUpdated": "2024-10-04T13:52:10.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3433 (GCVE-0-2021-3433)
Vulnerability from cvelistv5
Published
2022-06-28 19:45
Modified
2024-09-16 18:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions ()
Summary
Invalid channel map in CONNECT_IND results to Deadlock. Zephyr versions >= v2.5.0 Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v2.5.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.846Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Invalid channel map in CONNECT_IND results to Deadlock. Zephyr versions \u003e= v2.5.0 Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "Improper Check or Handling of Exceptional Conditions (CWE-703)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T19:45:34",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp"
]
},
"title": "BT: Invalid channel map in CONNECT_IND results to Deadlock",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-06-21T00:00:00.000Z",
"ID": "CVE-2021-3433",
"STATE": "PUBLIC",
"TITLE": "BT: Invalid channel map in CONNECT_IND results to Deadlock"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v2.5.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Invalid channel map in CONNECT_IND results to Deadlock. Zephyr versions \u003e= v2.5.0 Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MODERATE",
"confidentialityImpact": "NONE",
"environmentalScore": 4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Check or Handling of Exceptional Conditions (CWE-703)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3433",
"datePublished": "2022-06-28T19:45:34.282461Z",
"dateReserved": "2021-03-11T00:00:00",
"dateUpdated": "2024-09-16T18:28:43.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3454 (GCVE-0-2021-3454)
Vulnerability from cvelistv5
Published
2021-10-19 22:50
Modified
2024-09-17 00:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Truncated L2CAP K-frame causes assertion failure. Zephyr versions >= 2.4.0, >= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 2.4.0 < unspecified Version: v.2.50 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.4.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "v.2.50",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-05-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Truncated L2CAP K-frame causes assertion failure. Zephyr versions \u003e= 2.4.0, \u003e= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-130",
"description": "Improper Handling of Length Parameter Inconsistency (CWE-130)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "Reachable Assertion (CWE-617)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-19T22:50:08",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3"
]
},
"title": "Truncated L2CAP K-frame causes assertion failure",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-05-24T00:00:00.000Z",
"ID": "CVE-2021-3454",
"STATE": "PUBLIC",
"TITLE": "Truncated L2CAP K-frame causes assertion failure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "2.4.0"
},
{
"version_affected": "\u003e=",
"version_value": "v.2.50"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Truncated L2CAP K-frame causes assertion failure. Zephyr versions \u003e= 2.4.0, \u003e= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 4.3,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Handling of Length Parameter Inconsistency (CWE-130)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Reachable Assertion (CWE-617)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3454",
"datePublished": "2021-10-19T22:50:09.038849Z",
"dateReserved": "2021-03-19T00:00:00",
"dateUpdated": "2024-09-17T00:01:39.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10065 (GCVE-0-2020-10065)
Vulnerability from cvelistv5
Published
2021-05-24 21:40
Modified
2024-09-16 22:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-130 - Improper Handling of Length Parameter Inconsistency ()
Summary
Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v1.14.2 < unspecified Version: v2.2.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v1.14.2",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.2.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions \u003e= v1.14.2, \u003e= v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-130",
"description": "Improper Handling of Length Parameter Inconsistency (CWE-130)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T21:40:23",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c"
]
},
"title": "Missing Size Checks in Bluetooth HCI over SPI",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-06-29T00:00:00.000Z",
"ID": "CVE-2020-10065",
"STATE": "PUBLIC",
"TITLE": "Missing Size Checks in Bluetooth HCI over SPI"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v1.14.2"
},
{
"version_affected": "\u003e=",
"version_value": "v2.2.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions \u003e= v1.14.2, \u003e= v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"environmentalScore": 3.8,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Handling of Length Parameter Inconsistency (CWE-130)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10065",
"datePublished": "2021-05-24T21:40:24.079319Z",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-09-16T22:09:54.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10023 (GCVE-0-2020-10023)
Vulnerability from cvelistv5
Published
2020-05-11 22:26
Modified
2024-09-16 18:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Overflow
Summary
The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 1.14.0 < unspecified Version: 2.1.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.782Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-29"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23304"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23646"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23649"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10023"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:36",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-29"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23304"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23646"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23649"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10023"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-29"
],
"discovery": "EXTERNAL"
},
"title": "Shell Subsystem Contains a Buffer Overflow Vulnerability In shell_spaces_trim",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10023",
"STATE": "PUBLIC",
"TITLE": "Shell Subsystem Contains a Buffer Overflow Vulnerability In shell_spaces_trim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.14.0"
},
{
"version_affected": "\u003e=",
"version_value": "2.1.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-29",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-29"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23304",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23304"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23646",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23646"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23649",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23649"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10023",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10023"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-29"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10023",
"datePublished": "2020-05-11T22:26:13.032987Z",
"dateReserved": "2020-03-03T00:00:00",
"dateUpdated": "2024-09-16T18:03:31.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0779 (GCVE-0-2023-0779)
Vulnerability from cvelistv5
Published
2023-05-30 00:00
Modified
2025-02-13 16:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Valiation ()
Summary
At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: unspecified < v3.3 Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-9xj8-6989-r549"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0779",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T20:34:43.160113Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T20:35:53.652Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "v3.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "v2.7.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-05-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device\u2019s memory layout, further exploitation is possible."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Valiation (CWE-20)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T21:00:13.800Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-9xj8-6989-r549"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-9xj8-6989-r549"
]
},
"title": "net: shell: Improper input validation"
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-0779",
"datePublished": "2023-05-30T00:00:00.000Z",
"dateReserved": "2023-02-10T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:39:07.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1638 (GCVE-0-2024-1638)
Vulnerability from cvelistv5
Published
2024-02-19 21:19
Modified
2025-04-24 15:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GATT_PERM_WRITE_LESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. If set, requires that LE Secure Connections is used for read/write access, however this is only true when it is combined with other permissions, namely BT_GATT_PERM_READ_ENCRYPT/BT_GATT_PERM_READ_AUTHEN (for read) or BT_GATT_PERM_WRITE_ENCRYPT/BT_GATT_PERM_WRITE_AUTHEN (for write), if these additional permissions are not set (even in secure connections only mode) then the stack does not perform any permission checks on these characteristics and they can be freely written/read.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zephyrproject-rtos:zephyr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.5",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1638",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-20T16:13:08.734071Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-24T15:07:49.502Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:48:21.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p6f3-f63q-5mc2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.5",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GATT_PERM_WRITE_LESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. If set, requires that LE Secure Connections is used for read/write access, however this is only true when it is combined with other permissions, namely BT_GATT_PERM_READ_ENCRYPT/BT_GATT_PERM_READ_AUTHEN (for read) or BT_GATT_PERM_WRITE_ENCRYPT/BT_GATT_PERM_WRITE_AUTHEN (for write), if these additional permissions are not set (even in secure connections only mode) then the stack does not perform any permission checks on these characteristics and they can be freely written/read."
}
],
"value": "The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GATT_PERM_WRITE_LESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. If set, requires that LE Secure Connections is used for read/write access, however this is only true when it is combined with other permissions, namely BT_GATT_PERM_READ_ENCRYPT/BT_GATT_PERM_READ_AUTHEN (for read) or BT_GATT_PERM_WRITE_ENCRYPT/BT_GATT_PERM_WRITE_AUTHEN (for write), if these additional permissions are not set (even in secure connections only mode) then the stack does not perform any permission checks on these characteristics and they can be freely written/read."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-19T21:19:51.915Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p6f3-f63q-5mc2"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Bluetooth characteristic LESC security requirement not enforced without additional flags",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2024-1638",
"datePublished": "2024-02-19T21:19:51.915Z",
"dateReserved": "2024-02-19T19:52:31.489Z",
"dateUpdated": "2025-04-24T15:07:49.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3435 (GCVE-0-2021-3435)
Vulnerability from cvelistv5
Published
2022-06-28 19:45
Modified
2024-09-16 17:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-908 - Use of Uninitialized Resource ()
Summary
Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v2.4.0 < unspecified Version: v2.5.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.4.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Information leakage in le_ecred_conn_req(). Zephyr versions \u003e= v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "Use of Uninitialized Resource (CWE-908)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T19:45:44",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh"
]
},
"title": "L2CAP: Information leakage in le_ecred_conn_req()",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-06-21T00:00:00.000Z",
"ID": "CVE-2021-3435",
"STATE": "PUBLIC",
"TITLE": "L2CAP: Information leakage in le_ecred_conn_req()"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v2.4.0"
},
{
"version_affected": "\u003e=",
"version_value": "v2.5.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information leakage in le_ecred_conn_req(). Zephyr versions \u003e= v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MODERATE",
"confidentialityImpact": "LOW",
"environmentalScore": 4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Uninitialized Resource (CWE-908)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3435",
"datePublished": "2022-06-28T19:45:44.593076Z",
"dateReserved": "2021-03-11T00:00:00",
"dateUpdated": "2024-09-16T17:48:21.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10395 (GCVE-0-2024-10395)
Vulnerability from cvelistv5
Published
2025-02-03 06:59
Modified
2025-02-03 16:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-127 - Buffer Under-read
Summary
No proper validation of the length of user input in http_server_get_content_type_from_extension.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10395",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T16:57:59.266246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T16:58:33.710Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hfww-j92m-x8fv"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.7",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "net: lib: http_server: Buffer Under-read"
}
],
"value": "No proper validation of the length of user input in http_server_get_content_type_from_extension."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-127",
"description": "Buffer Under-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T06:59:21.740Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hfww-j92m-x8fv"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "net: lib: http_server: Buffer Under-read",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2024-10395",
"datePublished": "2025-02-03T06:59:21.740Z",
"dateReserved": "2024-10-25T18:53:58.099Z",
"dateUpdated": "2025-02-03T16:58:33.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10071 (GCVE-0-2020-10071)
Vulnerability from cvelistv5
Published
2020-06-05 17:37
Modified
2024-09-17 04:19
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 2.2.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-86"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10071"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/989c4713ba429aa5105fe476b4d629718f3e6082"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.2.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129 Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:37",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-86"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10071"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/989c4713ba429aa5105fe476b4d629718f3e6082"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-86"
],
"discovery": "EXTERNAL"
},
"title": "Insufficient publish message length validation in MQTT",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-25T00:00:00.000Z",
"ID": "CVE-2020-10071",
"STATE": "PUBLIC",
"TITLE": "Insufficient publish message length validation in MQTT"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "2.2.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-129 Improper Validation of Array Index"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment",
"refsource": "MISC",
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
},
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-86",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-86"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10071",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10071"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/989c4713ba429aa5105fe476b4d629718f3e6082",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/989c4713ba429aa5105fe476b4d629718f3e6082"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-86"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10071",
"datePublished": "2020-06-05T17:37:37.515923Z",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-09-17T04:19:36.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2741 (GCVE-0-2022-2741)
Vulnerability from cvelistv5
Published
2022-10-31 17:45
Modified
2025-05-05 14:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption ()
Summary
The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. The frame must have a CAN ID matching an installed filter in the vulnerable node (this can easily be guessed based on CAN traffic analyses). The frame must contain the opposite RTR bit as what the filter installed in the vulnerable node contains (if the filter matches RTR frames, the frame must be a data frame or vice versa).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:04.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx5v-j59q-c3j8"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2741",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-05T14:05:55.970352Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T14:06:07.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "v3.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-10-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. The frame must have a CAN ID matching an installed filter in the vulnerable node (this can easily be guessed based on CAN traffic analyses). The frame must contain the opposite RTR bit as what the filter installed in the vulnerable node contains (if the filter matches RTR frames, the frame must be a data frame or vice versa)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Uncontrolled Resource Consumption (CWE-400)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-31T00:00:00.000Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx5v-j59q-c3j8"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx5v-j59q-c3j8"
]
},
"title": "can: denial-of-service can be triggered by a crafted CAN frame"
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2022-2741",
"datePublished": "2022-10-31T17:45:09.741Z",
"dateReserved": "2022-08-09T00:00:00.000Z",
"dateUpdated": "2025-05-05T14:06:07.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5779 (GCVE-0-2023-5779)
Vulnerability from cvelistv5
Published
2024-02-18 07:46
Modified
2024-08-28 16:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
can: out of bounds in remove_rx_filter function
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7cmj-963q-jj47"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5779",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T16:31:26.269331Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T16:31:48.264Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.5",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "can: out of bounds in remove_rx_filter function"
}
],
"value": "can: out of bounds in remove_rx_filter function"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-18T07:46:41.927Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7cmj-963q-jj47"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "can: out of bounds in remove_rx_filter function",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-5779",
"datePublished": "2024-02-18T07:46:41.927Z",
"dateReserved": "2023-10-26T04:08:11.579Z",
"dateUpdated": "2024-08-28T16:31:48.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1674 (GCVE-0-2025-1674)
Vulnerability from cvelistv5
Published
2025-02-25 07:18
Modified
2025-02-28 17:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read
Summary
A lack of input validation allows for out of bounds reads caused by malicious or malformed packets.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1674",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T17:04:08.864147Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T17:04:15.741Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out of bounds read when unpacking DNS answers"
}
],
"value": "A lack of input validation allows for out of bounds reads caused by malicious or malformed packets."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T07:18:52.323Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-x975-8pgf-qh66"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out of bounds read when unpacking DNS answers",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2025-1674",
"datePublished": "2025-02-25T07:18:52.323Z",
"dateReserved": "2025-02-25T06:02:12.173Z",
"dateUpdated": "2025-02-28T17:04:15.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5139 (GCVE-0-2023-5139)
Vulnerability from cvelistv5
Published
2023-10-26 04:40
Modified
2025-02-13 17:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:07.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rhrc-pcxp-4453"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5139",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T17:51:55.655509Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T18:08:31.949Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "3.5",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver"
}
],
"value": "Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T03:06:25.014Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rhrc-pcxp-4453"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential buffer overflow vulnerability in the Zephyr STM32 Crypto driver",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-5139",
"datePublished": "2023-10-26T04:40:36.930Z",
"dateReserved": "2023-09-22T23:08:46.735Z",
"dateUpdated": "2025-02-13T17:19:43.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5931 (GCVE-0-2024-5931)
Vulnerability from cvelistv5
Published
2024-09-13 19:41
Modified
2024-09-16 14:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
BT: Unchecked user input in bap_broadcast_assistant
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zephyrproject-rtos:zephyr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5931",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T14:46:48.955985Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T14:46:53.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BT: Unchecked user input in bap_broadcast_assistant"
}
],
"value": "BT: Unchecked user input in bap_broadcast_assistant"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T19:41:57.713Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-r8h3-64gp-wv7f"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "BT: Unchecked user input in bap_broadcast_assistant",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2024-5931",
"datePublished": "2024-09-13T19:41:57.713Z",
"dateReserved": "2024-06-12T19:58:33.952Z",
"dateUpdated": "2024-09-16T14:46:53.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3077 (GCVE-0-2024-3077)
Vulnerability from cvelistv5
Published
2024-03-29 05:06
Modified
2024-08-01 19:32
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An malicious BLE device can crash BLE victim device by sending malformed gatt packet
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3077",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-01T18:40:47.514480Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:31:38.524Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gmfv-4vfh-2mh8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An malicious BLE device can crash BLE victim device by sending malformed gatt packet"
}
],
"value": "An malicious BLE device can crash BLE victim device by sending malformed gatt packet"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126: Buffer Ovead",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-29T05:06:18.378Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gmfv-4vfh-2mh8"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Bluetooth: integer underflow in gatt_find_info_rsp",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2024-3077",
"datePublished": "2024-03-29T05:06:18.378Z",
"dateReserved": "2024-03-29T04:45:26.918Z",
"dateUpdated": "2024-08-01T19:32:42.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6135 (GCVE-0-2024-6135)
Vulnerability from cvelistv5
Published
2024-09-13 19:51
Modified
2024-09-16 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
BT:Classic: Multiple missing buf length checks
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zephyrproject-rtos:zephyr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6135",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T14:46:59.029413Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T14:47:03.957Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BT:Classic: Multiple missing buf length checks"
}
],
"value": "BT:Classic: Multiple missing buf length checks"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T19:51:31.811Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xcr5-5g98-mchp"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "BT:Classic: Multiple missing buf length checks",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2024-6135",
"datePublished": "2024-09-13T19:51:31.811Z",
"dateReserved": "2024-06-18T18:33:19.984Z",
"dateUpdated": "2024-09-16T14:47:03.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0553 (GCVE-0-2022-0553)
Vulnerability from cvelistv5
Published
2023-01-11 00:00
Modified
2025-04-09 13:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor ()
Summary
There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wrj2-9vj9-rrcp"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-0553",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T13:52:48.467028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T13:52:59.802Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "v3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-11T00:00:00.000Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wrj2-9vj9-rrcp"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wrj2-9vj9-rrcp"
]
},
"title": "Possible to retrieve uncrypted firmware image"
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2022-0553",
"datePublished": "2023-01-11T00:00:00.000Z",
"dateReserved": "2022-02-09T00:00:00.000Z",
"dateUpdated": "2025-04-09T13:52:59.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5055 (GCVE-0-2023-5055)
Vulnerability from cvelistv5
Published
2023-11-21 18:05
Modified
2024-08-02 07:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Summary
Possible variant of CVE-2021-3434 in function le_ecred_reconf_req.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.707Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wr8r-7f8x-24jj"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.4",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Possible variant of CVE-2021-3434 in function le_ecred_reconf_req."
}
],
"value": "Possible variant of CVE-2021-3434 in function le_ecred_reconf_req."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": " CWE-121 Stack-based Buffer Overflow A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-21T18:05:10.824Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wr8r-7f8x-24jj"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "L2CAP: Possible Stack based buffer overflow in le_ecred_reconf_req()",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-5055",
"datePublished": "2023-11-21T18:05:10.824Z",
"dateReserved": "2023-09-18T17:48:08.803Z",
"dateUpdated": "2024-08-02T07:44:53.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3806 (GCVE-0-2022-3806)
Vulnerability from cvelistv5
Published
2023-01-19 00:00
Modified
2025-04-03 19:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-415 - Double Free ()
Summary
Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:58.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w525-fm68-ppq3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-3806",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T15:52:30.562615Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T19:54:53.538Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "v3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-01-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer."
}
],
"metrics": [
{
"other": {
"content": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.8"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "Double Free (CWE-415)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-19T00:00:00.000Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w525-fm68-ppq3"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w525-fm68-ppq3"
]
},
"title": "Bluetooth HCI Error Handling Double Free"
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2022-3806",
"datePublished": "2023-01-19T00:00:00.000Z",
"dateReserved": "2022-11-01T00:00:00.000Z",
"dateUpdated": "2025-04-03T19:54:53.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8798 (GCVE-0-2024-8798)
Vulnerability from cvelistv5
Published
2024-12-15 23:23
Modified
2024-12-16 19:05
Severity ?
VLAI Severity ?
EPSS score ?
Summary
No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8798",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-16T19:05:01.701752Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T19:05:17.248Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.7",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Bluetooth: classic: avdtp: missing buffer length check"
}
],
"value": "No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-15T23:23:31.173Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-r7pm-f93f-f7fp"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Bluetooth: classic: avdtp: missing buffer length check",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2024-8798",
"datePublished": "2024-12-15T23:23:31.173Z",
"dateReserved": "2024-09-13T17:10:16.175Z",
"dateUpdated": "2024-12-16T19:05:17.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0396 (GCVE-0-2023-0396)
Vulnerability from cvelistv5
Published
2023-01-19 00:00
Modified
2025-04-03 19:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-126 - Buffer Over-read ()
Summary
A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:10:55.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8rpp-6vxq-pqg3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-0396",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T15:50:24.499488Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T19:58:53.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "v3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-01-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses."
}
],
"metrics": [
{
"other": {
"content": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseSeverity": "MODERATE",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.8"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "Buffer Over-read (CWE-126)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-19T00:00:00.000Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8rpp-6vxq-pqg3"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8rpp-6vxq-pqg3"
]
},
"title": "Buffer Overreads in Bluetooth HCI"
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-0396",
"datePublished": "2023-01-19T00:00:00.000Z",
"dateReserved": "2023-01-19T00:00:00.000Z",
"dateUpdated": "2025-04-03T19:58:53.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10062 (GCVE-0-2020-10062)
Vulnerability from cvelistv5
Published
2020-06-05 17:37
Modified
2024-09-17 00:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-193 - Off-by-one Error
Summary
An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 2.2.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-84"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10062"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/11b7a37d9a0b438270421b224221d91929843de4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.2.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193 Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:37",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-84"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10062"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/11b7a37d9a0b438270421b224221d91929843de4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-84"
],
"discovery": "EXTERNAL"
},
"title": "Packet length decoding error in MQTT",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-25T00:00:00.000Z",
"ID": "CVE-2020-10062",
"STATE": "PUBLIC",
"TITLE": "Packet length decoding error in MQTT"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "2.2.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-193 Off-by-one Error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-84",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-84"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10062",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10062"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/11b7a37d9a0b438270421b224221d91929843de4",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/11b7a37d9a0b438270421b224221d91929843de4"
},
{
"name": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment",
"refsource": "MISC",
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-84"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10062",
"datePublished": "2020-06-05T17:37:37.262287Z",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-09-17T00:51:36.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10024 (GCVE-0-2020-10024)
Vulnerability from cvelistv5
Published
2020-05-11 22:26
Modified
2024-09-17 01:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-697 - Incorrect Comparison
Summary
The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 1.14.0 < unspecified Version: 2.1.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23323"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23535"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23498"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-697",
"description": "CWE-697 Incorrect Comparison",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:36",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23323"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23535"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23498"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30"
],
"discovery": "EXTERNAL"
},
"title": "ARM Platform Uses Signed Integer Comparison When Validating Syscall Numbers",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10024",
"STATE": "PUBLIC",
"TITLE": "ARM Platform Uses Signed Integer Comparison When Validating Syscall Numbers"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.14.0"
},
{
"version_affected": "\u003e=",
"version_value": "2.1.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-697 Incorrect Comparison"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23323",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23323"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23535",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23535"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23498",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23498"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10024",
"datePublished": "2020-05-11T22:26:13.572574Z",
"dateReserved": "2020-03-03T00:00:00",
"dateUpdated": "2024-09-17T01:56:05.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3321 (GCVE-0-2021-3321)
Vulnerability from cvelistv5
Published
2021-10-12 21:50
Modified
2024-09-16 22:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-680 - Integer Overflow to Buffer Overflow ()
Summary
Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= >=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: >=2.4.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "\u003e=2.4.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions \u003e= \u003e=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "Integer Overflow to Buffer Overflow (CWE-680)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T21:50:13",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99"
]
},
"title": "Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-04-14T00:00:00.000Z",
"ID": "CVE-2021-3321",
"STATE": "PUBLIC",
"TITLE": "Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "\u003e=2.4.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions \u003e= \u003e=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 7.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 7.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer Overflow to Buffer Overflow (CWE-680)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3321",
"datePublished": "2021-10-12T21:50:13.151605Z",
"dateReserved": "2021-01-27T00:00:00",
"dateUpdated": "2024-09-16T22:51:00.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4424 (GCVE-0-2023-4424)
Vulnerability from cvelistv5
Published
2023-11-21 06:42
Modified
2024-08-02 07:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-190 - Integer Overflow or Wraparound
Summary
An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j4qm-xgpf-qjw3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "3.5",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device."
}
],
"value": "An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-21T06:42:45.491Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j4qm-xgpf-qjw3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "bt: hci: DoS and possible RCE",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-4424",
"datePublished": "2023-11-21T06:42:45.491Z",
"dateReserved": "2023-08-18T19:16:36.198Z",
"dateUpdated": "2024-08-02T07:24:04.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4265 (GCVE-0-2023-4265)
Vulnerability from cvelistv5
Published
2023-08-12 22:09
Modified
2025-02-13 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
Potential buffer overflow vulnerabilities in the following locations:
https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359
https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis... https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis.c#L841
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:03.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-4vgv-5r6q-r6xh"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "raptor@0xdeadbeef.info"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Potential buffer overflow vulnerabilities in the following locations:\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359\"\u003ehttps://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis.c#L841\"\u003ehttps://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis...\u003c/a\u003e"
}
],
"value": "Potential buffer overflow vulnerabilities in the following locations:\n https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 \n https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis... https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis.c#L841"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T03:06:23.328Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-4vgv-5r6q-r6xh"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Buffer overflow in Zephyr USB",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-4265",
"datePublished": "2023-08-12T22:09:20.701Z",
"dateReserved": "2023-08-08T21:13:17.402Z",
"dateUpdated": "2025-02-13T17:09:30.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10072 (GCVE-0-2020-10072)
Vulnerability from cvelistv5
Published
2021-05-24 21:40
Modified
2024-09-17 04:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-280 - Improper Handling of Insufficient Permissions or Privileges ()
Summary
Improper Handling of Insufficient Permissions or Privileges in zephyr. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Insufficient Permissions or Privileges (CWE-280). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v1.14.2 < unspecified Version: v2.2.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v1.14.2",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.2.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Handling of Insufficient Permissions or Privileges in zephyr. Zephyr versions \u003e= v1.14.2, \u003e= v2.2.0 contain Improper Handling of Insufficient Permissions or Privileges (CWE-280). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-280",
"description": "Improper Handling of Insufficient Permissions or Privileges (CWE-280)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T21:40:26",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc"
]
},
"title": "Improper Handling of Insufficient Permissions or Privileges in zephyr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-08-28T00:00:00.000Z",
"ID": "CVE-2020-10072",
"STATE": "PUBLIC",
"TITLE": "Improper Handling of Insufficient Permissions or Privileges in zephyr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v1.14.2"
},
{
"version_affected": "\u003e=",
"version_value": "v2.2.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Handling of Insufficient Permissions or Privileges in zephyr. Zephyr versions \u003e= v1.14.2, \u003e= v2.2.0 contain Improper Handling of Insufficient Permissions or Privileges (CWE-280). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.9,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.9,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Handling of Insufficient Permissions or Privileges (CWE-280)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10072",
"datePublished": "2021-05-24T21:40:26.107162Z",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-09-17T04:15:01.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10061 (GCVE-0-2020-10061)
Vulnerability from cvelistv5
Published
2020-06-05 17:37
Modified
2024-09-16 22:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Summary
Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 2.2.0 < unspecified Version: 1.14.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-75"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10061"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23516"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23517"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23547"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23091"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.2.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "PhD - Garbelini Matheus Eduardo"
}
],
"datePublic": "2020-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:37",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-75"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10061"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23516"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23517"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23547"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23091"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-75"
],
"discovery": "EXTERNAL"
},
"title": "Error handling invalid packet sequence",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-14T00:00:00.000Z",
"ID": "CVE-2020-10061",
"STATE": "PUBLIC",
"TITLE": "Error handling invalid packet sequence"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "2.2.0"
},
{
"version_affected": "\u003e=",
"version_value": "1.14.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "PhD - Garbelini Matheus Eduardo"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-75",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-75"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10061",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10061"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23516",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23516"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23517",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23517"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23547",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23547"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23091",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23091"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-75"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10061",
"datePublished": "2020-06-05T17:37:37.217822Z",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-09-16T22:52:07.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1675 (GCVE-0-2025-1675)
Vulnerability from cvelistv5
Published
2025-02-25 07:22
Modified
2025-02-28 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read
Summary
The function dns_copy_qname in dns_pack.c performs performs a memcpy operation with an untrusted field and does not check if the source buffer is large enough to contain the copied data.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T17:02:22.955639Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T17:02:37.541Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out of bounds read in dns_copy_qname"
}
],
"value": "The function dns_copy_qname in dns_pack.c performs performs a memcpy operation with an untrusted field and does not check if the source buffer is large enough to contain the copied data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T07:22:35.703Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-2m84-5hfw-m8v4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out of bounds read in dns_copy_qname",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2025-1675",
"datePublished": "2025-02-25T07:22:35.703Z",
"dateReserved": "2025-02-25T06:02:31.547Z",
"dateUpdated": "2025-02-28T17:02:37.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13600 (GCVE-0-2020-13600)
Vulnerability from cvelistv5
Published
2021-05-24 21:40
Modified
2024-09-16 16:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow ()
Summary
Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr versions >= 1.14.2, >= 2.3.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 1.14.2 < unspecified Version: 2.3.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.2",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr versions \u003e= 1.14.2, \u003e= 2.3.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T21:40:27",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr"
]
},
"title": "Malformed SPI in response for eswifi can corrupt kernel memory",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-10-07T00:00:00.000Z",
"ID": "CVE-2020-13600",
"STATE": "PUBLIC",
"TITLE": "Malformed SPI in response for eswifi can corrupt kernel memory"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.14.2"
},
{
"version_affected": "\u003e=",
"version_value": "2.3.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr versions \u003e= 1.14.2, \u003e= 2.3.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.1,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 7,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-13600",
"datePublished": "2021-05-24T21:40:28.051050Z",
"dateReserved": "2020-05-26T00:00:00",
"dateUpdated": "2024-09-16T16:12:39.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5753 (GCVE-0-2023-5753)
Vulnerability from cvelistv5
Published
2023-10-24 16:09
Modified
2025-02-13 17:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hmpr-px56-rvww"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "3.5",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePotential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T03:06:29.862Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hmpr-px56-rvww"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-5753",
"datePublished": "2023-10-24T16:09:03.896Z",
"dateReserved": "2023-10-24T15:56:11.178Z",
"dateUpdated": "2025-02-13T17:25:50.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13598 (GCVE-0-2020-13598)
Vulnerability from cvelistv5
Published
2021-05-24 21:40
Modified
2024-09-17 03:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow ()
Summary
FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions >= v1.14.2, >= v2.3.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v1.14.2 < unspecified Version: v2.3.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v1.14.2",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions \u003e= v1.14.2, \u003e= v2.3.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow (CWE-121)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T21:40:26",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h"
]
},
"title": "FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-09-04T00:00:00.000Z",
"ID": "CVE-2020-13598",
"STATE": "PUBLIC",
"TITLE": "FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v1.14.2"
},
{
"version_affected": "\u003e=",
"version_value": "v2.3.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions \u003e= v1.14.2, \u003e= v2.3.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 6.3,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"temporalScore": 6.3,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow (CWE-121)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-13598",
"datePublished": "2021-05-24T21:40:26.773048Z",
"dateReserved": "2020-05-26T00:00:00",
"dateUpdated": "2024-09-17T03:28:53.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3455 (GCVE-0-2021-3455)
Vulnerability from cvelistv5
Published
2021-10-19 22:25
Modified
2024-09-16 18:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free ()
Summary
Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions >= 2.4.0, >= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 2.4.0 < unspecified Version: 2.5.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.4.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions \u003e= 2.4.0, \u003e= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free (CWE-416)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-19T22:25:09",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp"
]
},
"title": "Disconnecting L2CAP channel right after invalid ATT request leads freeze",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-06-19T00:00:00.000Z",
"ID": "CVE-2021-3455",
"STATE": "PUBLIC",
"TITLE": "Disconnecting L2CAP channel right after invalid ATT request leads freeze"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "2.4.0"
},
{
"version_affected": "\u003e=",
"version_value": "2.5.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions \u003e= 2.4.0, \u003e= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 4.3,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free (CWE-416)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3455",
"datePublished": "2021-10-19T22:25:09.479971Z",
"dateReserved": "2021-03-19T00:00:00",
"dateUpdated": "2024-09-16T18:38:53.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10058 (GCVE-0-2020-10058)
Vulnerability from cvelistv5
Published
2020-05-11 22:26
Modified
2024-09-17 01:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 2.1.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23308"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-34"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23748"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10058"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:37",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23308"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-34"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23748"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10058"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-34"
],
"discovery": "EXTERNAL"
},
"title": "Multiple Syscalls In kscan Subsystem Performs No Argument Validation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10058",
"STATE": "PUBLIC",
"TITLE": "Multiple Syscalls In kscan Subsystem Performs No Argument Validation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "2.1.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23308",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23308"
},
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-34",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-34"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23748",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23748"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10058",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10058"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-34"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10058",
"datePublished": "2020-05-11T22:26:15.962695Z",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-09-17T01:36:46.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3725 (GCVE-0-2023-3725)
Vulnerability from cvelistv5
Published
2023-10-06 20:10
Modified
2025-02-13 16:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CWE-121 - Stack-based Buffer Overflow A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Summary
Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-2g3m-p6c7-8rr3"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3725",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-03T14:51:14.039341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T14:51:58.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.4",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem"
}
],
"value": "Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T03:06:16.490Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-2g3m-p6c7-8rr3"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential buffer overflow vulnerability in the Zephyr CANbus subsystem",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-3725",
"datePublished": "2023-10-06T20:10:11.543Z",
"dateReserved": "2023-07-17T21:35:36.647Z",
"dateUpdated": "2025-02-13T16:56:38.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6749 (GCVE-0-2023-6749)
Vulnerability from cvelistv5
Published
2024-02-18 07:04
Modified
2024-08-02 08:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
Unchecked length coming from user input in settings shell
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6749",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T15:23:59.701852Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T15:24:08.412Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:07.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-757h-rw37-66hw"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.5",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unchecked length coming from user input in settings shell"
}
],
"value": "Unchecked length coming from user input in settings shell"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-18T07:04:36.321Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-757h-rw37-66hw"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unchecked user input length in the Zephyr Settings Shell",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-6749",
"datePublished": "2024-02-18T07:04:36.321Z",
"dateReserved": "2023-12-12T18:25:35.440Z",
"dateUpdated": "2024-08-02T08:42:07.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10027 (GCVE-0-2020-10027)
Vulnerability from cvelistv5
Published
2020-05-11 22:26
Modified
2024-09-16 20:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-697 - Incorrect Comparison
Summary
An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 1.14.0 < unspecified Version: 2.1.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-35"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23328"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23500"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23499"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10027"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-697",
"description": "CWE-697 Incorrect Comparison",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:36",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-35"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23328"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23500"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23499"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10027"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-35"
],
"discovery": "EXTERNAL"
},
"title": "ARC Platform Uses Signed Integer Comparison When Validating Syscall Numbers",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10027",
"STATE": "PUBLIC",
"TITLE": "ARC Platform Uses Signed Integer Comparison When Validating Syscall Numbers"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.14.0"
},
{
"version_affected": "\u003e=",
"version_value": "2.1.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-697 Incorrect Comparison"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-35",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-35"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23328",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23328"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23500",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23500"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23499",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23499"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10027",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10027"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-35"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10027",
"datePublished": "2020-05-11T22:26:14.923233Z",
"dateReserved": "2020-03-03T00:00:00",
"dateUpdated": "2024-09-16T20:52:35.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1902 (GCVE-0-2023-1902)
Vulnerability from cvelistv5
Published
2023-07-10 04:30
Modified
2024-11-07 15:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:05:26.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx9g-8fr2-q899"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zephyr",
"vendor": "zephyrproject",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1902",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T15:20:57.719615Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-672",
"description": "CWE-672 Operation on a Resource after Expiration or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T15:21:40.963Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer."
}
],
"value": "The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T04:30:14.243Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx9g-8fr2-q899"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCI Connection Creation Dangling State Reference Re-use",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-1902",
"datePublished": "2023-07-10T04:30:14.243Z",
"dateReserved": "2023-04-05T22:24:28.688Z",
"dateUpdated": "2024-11-07T15:21:40.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2962 (GCVE-0-2025-2962)
Vulnerability from cvelistv5
Published
2025-06-24 05:32
Modified
2025-06-24 14:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Summary
A denial-of-service issue in the dns implemenation could cause an infinite loop.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * Version: * |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2962",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T14:22:02.585148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T14:22:14.696Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "4.1.0",
"status": "affected",
"version": "*",
"versionType": "git"
},
{
"lessThanOrEqual": "3.7.1",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Infinite loop in dns_copy_qname"
}
],
"value": "A denial-of-service issue in the dns implemenation could cause an infinite loop."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T05:32:11.287Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-2qp5-c2vq-g2ww"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Infinite loop in dns_copy_qname",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2025-2962",
"datePublished": "2025-06-24T05:32:11.287Z",
"dateReserved": "2025-03-30T05:20:45.340Z",
"dateUpdated": "2025-06-24T14:22:14.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11263 (GCVE-0-2024-11263)
Vulnerability from cvelistv5
Published
2024-11-15 22:53
Modified
2024-11-18 17:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-270 - Privilege Context Switching Error
Summary
When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zephyrproject-rtos:zephyr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11263",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-18T17:44:38.277866Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T17:45:21.489Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.7",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "arch: riscv: userspace: potential security risk when CONFIG_RISCV_GP=y"
}
],
"value": "When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-270",
"description": "Privilege Context Switching Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T22:53:58.593Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-jjf3-7x72-pqm9"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "arch: riscv: userspace: potential security risk when CONFIG_RISCV_GP=y",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2024-11263",
"datePublished": "2024-11-15T22:53:58.593Z",
"dateReserved": "2024-11-15T16:34:35.784Z",
"dateUpdated": "2024-11-18T17:45:21.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3625 (GCVE-0-2021-3625)
Vulnerability from cvelistv5
Published
2021-10-05 20:50
Modified
2024-09-16 18:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow ()
Summary
Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v2.5.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-09-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions \u003e= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-05T20:50:20",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363"
]
},
"title": "Buffer overflow in Zephyr USB DFU DNLOAD",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-09-21T00:00:00.000Z",
"ID": "CVE-2021-3625",
"STATE": "PUBLIC",
"TITLE": "Buffer overflow in Zephyr USB DFU DNLOAD"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v2.5.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions \u003e= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"environmentalScore": 9.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 9.6,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3625",
"datePublished": "2021-10-05T20:50:20.352754Z",
"dateReserved": "2021-06-28T00:00:00",
"dateUpdated": "2024-09-16T18:49:27.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10022 (GCVE-0-2020-10022)
Vulnerability from cvelistv5
Published
2020-05-11 22:26
Modified
2024-09-16 23:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Overflow
Summary
A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case. See NCC-NCC-016 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 2.1.0 < unspecified Version: 2.2.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-28"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24154"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24065"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24066"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10022"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.2.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case. See NCC-NCC-016 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:36",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-28"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24154"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24065"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24066"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10022"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-28"
],
"discovery": "EXTERNAL"
},
"title": "UpdateHub Module Copies a Variable-Size Hash String Into a Fixed-Size Array",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10022",
"STATE": "PUBLIC",
"TITLE": "UpdateHub Module Copies a Variable-Size Hash String Into a Fixed-Size Array"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "2.1.0"
},
{
"version_affected": "\u003e=",
"version_value": "2.2.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case. See NCC-NCC-016 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-28",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-28"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24154",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24154"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24065",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24065"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24066",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24066"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10022",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10022"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-28"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10022",
"datePublished": "2020-05-11T22:26:12.494138Z",
"dateReserved": "2020-03-03T00:00:00",
"dateUpdated": "2024-09-16T23:45:41.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10021 (GCVE-0-2020-10021)
Vulnerability from cvelistv5
Published
2020-05-11 22:26
Modified
2024-09-17 00:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 1.14.1 < unspecified Version: 2.1.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-26"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23240"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23455"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23456"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10021"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.1",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:36",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-26"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23240"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23455"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23456"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10021"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-26"
],
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds write in USB Mass Storage with unaligned sizes",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10021",
"STATE": "PUBLIC",
"TITLE": "Out-of-bounds write in USB Mass Storage with unaligned sizes"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.14.1"
},
{
"version_affected": "\u003e=",
"version_value": "2.1.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-26",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-26"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23240",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23240"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23455",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23455"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23456",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23456"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10021",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10021"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-26"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10021",
"datePublished": "2020-05-11T22:26:11.985594Z",
"dateReserved": "2020-03-03T00:00:00",
"dateUpdated": "2024-09-17T00:16:14.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10066 (GCVE-0-2020-10066)
Vulnerability from cvelistv5
Published
2021-05-24 21:40
Modified
2024-09-17 01:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference ()
Summary
Incorrect Error Handling in Bluetooth HCI core. Zephyr versions >= v1.14.2, >= v2.2.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v1.14.2 < unspecified Version: v2.2.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v1.14.2",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.2.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incorrect Error Handling in Bluetooth HCI core. Zephyr versions \u003e= v1.14.2, \u003e= v2.2.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference (CWE-476)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T21:40:24",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr"
]
},
"title": "Incorrect Error Handling in Bluetooth HCI core",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-06-29T00:00:00.000Z",
"ID": "CVE-2020-10066",
"STATE": "PUBLIC",
"TITLE": "Incorrect Error Handling in Bluetooth HCI core"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v1.14.2"
},
{
"version_affected": "\u003e=",
"version_value": "v2.2.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect Error Handling in Bluetooth HCI core. Zephyr versions \u003e= v1.14.2, \u003e= v2.2.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"environmentalScore": 2.5,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 2.5,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference (CWE-476)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10066",
"datePublished": "2021-05-24T21:40:24.776002Z",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-09-17T01:41:15.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4264 (GCVE-0-2023-4264)
Vulnerability from cvelistv5
Published
2023-09-26 18:34
Modified
2025-06-18 14:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CWE-121 - Stack-based Buffer Overflow A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
- CWE-122 - Heap-based Buffer Overflow A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Summary
Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: 0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:03.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rgx6-3w4j-gf5j"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4264",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T14:13:20.137564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T14:13:45.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.4",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePotential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T03:06:20.031Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rgx6-3w4j-gf5j"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-4264",
"datePublished": "2023-09-26T18:34:52.817Z",
"dateReserved": "2023-08-08T21:12:31.078Z",
"dateUpdated": "2025-06-18T14:13:45.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3861 (GCVE-0-2021-3861)
Vulnerability from cvelistv5
Published
2022-02-07 22:00
Modified
2024-09-16 16:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow ()
Summary
The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v2.6.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.6.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions \u003e= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-07T22:00:13",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj"
]
},
"title": "The RNDIS USB device class includes a buffer overflow vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2022-01-05T00:00:00.000Z",
"ID": "CVE-2021-3861",
"STATE": "PUBLIC",
"TITLE": "The RNDIS USB device class includes a buffer overflow vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v2.6.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions \u003e= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 8.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 8.2,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3861",
"datePublished": "2022-02-07T22:00:13.805383Z",
"dateReserved": "2021-10-05T00:00:00",
"dateUpdated": "2024-09-16T16:18:17.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3432 (GCVE-0-2021-3432)
Vulnerability from cvelistv5
Published
2022-06-28 19:45
Modified
2024-09-17 00:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-369 - Divide By Zero ()
Summary
Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions >= v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v1.14.0 < unspecified Version: v2.5.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v1.14.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions \u003e= v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "Divide By Zero (CWE-369)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T19:45:28",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
]
},
"title": "BT: Invalid interval in CONNECT_IND leads to Division by Zero",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-06-21T00:00:00.000Z",
"ID": "CVE-2021-3432",
"STATE": "PUBLIC",
"TITLE": "BT: Invalid interval in CONNECT_IND leads to Division by Zero"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v1.14.0"
},
{
"version_affected": "\u003e=",
"version_value": "v2.5.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions \u003e= v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MODERATE",
"confidentialityImpact": "NONE",
"environmentalScore": 4.3,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Divide By Zero (CWE-369)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3432",
"datePublished": "2022-06-28T19:45:28.514936Z",
"dateReserved": "2021-03-11T00:00:00",
"dateUpdated": "2024-09-17T00:21:58.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4257 (GCVE-0-2023-4257)
Vulnerability from cvelistv5
Published
2023-10-13 21:09
Modified
2025-02-13 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: 0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-853q-q69w-gf5j"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4257",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-03T14:48:38.291355Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T14:48:50.367Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.4",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows."
}
],
"value": "Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-131",
"description": "CWE-131 Incorrect Calculation of Buffer Size",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T03:06:31.523Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-853q-q69w-gf5j"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unchecked user input length in the Zephyr WiFi shell module",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-4257",
"datePublished": "2023-10-13T21:09:51.733Z",
"dateReserved": "2023-08-08T21:07:32.623Z",
"dateUpdated": "2025-02-13T17:09:27.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1042 (GCVE-0-2022-1042)
Vulnerability from cvelistv5
Published
2022-07-26 04:25
Modified
2024-09-16 20:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j7v7-w73r-mm5x"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "v3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-26T04:25:22",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j7v7-w73r-mm5x"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j7v7-w73r-mm5x"
]
},
"title": "Out-of-bound write vulnerability in the Bluetooth mesh core stack can be triggered during provisioning",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2022-07-25T00:00:00.000Z",
"ID": "CVE-2022-1042",
"STATE": "PUBLIC",
"TITLE": "Out-of-bound write vulnerability in the Bluetooth mesh core stack can be triggered during provisioning"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "v3.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "Adjacent",
"availabilityImpact": "LOW",
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write (CWE-787)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j7v7-w73r-mm5x",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j7v7-w73r-mm5x"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j7v7-w73r-mm5x"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2022-1042",
"datePublished": "2022-07-26T04:25:22.458272Z",
"dateReserved": "2022-03-22T00:00:00",
"dateUpdated": "2024-09-16T20:17:50.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1041 (GCVE-0-2022-1041)
Vulnerability from cvelistv5
Published
2022-07-26 04:25
Modified
2024-09-17 00:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p449-9hv9-pj38"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "v3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-26T04:25:09",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p449-9hv9-pj38"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p449-9hv9-pj38"
]
},
"title": "Out-of-bound write vulnerability in the Bluetooth mesh core stack can be triggered during provisioning",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2022-07-25T00:00:00.000Z",
"ID": "CVE-2022-1041",
"STATE": "PUBLIC",
"TITLE": "Out-of-bound write vulnerability in the Bluetooth mesh core stack can be triggered during provisioning"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "v3.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "Adjacent",
"availabilityImpact": "LOW",
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write (CWE-787)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p449-9hv9-pj38",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p449-9hv9-pj38"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p449-9hv9-pj38"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2022-1041",
"datePublished": "2022-07-26T04:25:10.049119Z",
"dateReserved": "2022-03-22T00:00:00",
"dateUpdated": "2024-09-17T00:11:32.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0359 (GCVE-0-2023-0359)
Vulnerability from cvelistv5
Published
2023-07-10 04:21
Modified
2024-11-12 14:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
A missing nullptr-check in handle_ra_input can cause a nullptr-deref.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * Version: * |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:10:55.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c7fq-vqm6-v5pf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0359",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T14:20:51.993277Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T14:21:00.476Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.2",
"status": "affected",
"version": "*",
"versionType": "git"
},
{
"lessThanOrEqual": "2.7.4",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A missing nullptr-check in handle_ra_input can cause a nullptr-deref."
}
],
"value": "A missing nullptr-check in handle_ra_input can cause a nullptr-deref."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T04:21:21.203Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c7fq-vqm6-v5pf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ipv6: Missing ipv6 nullptr-check in handle_ra_input",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-0359",
"datePublished": "2023-07-10T04:21:21.203Z",
"dateReserved": "2023-01-18T02:13:16.899Z",
"dateUpdated": "2024-11-12T14:21:00.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3430 (GCVE-0-2021-3430)
Vulnerability from cvelistv5
Published
2022-06-28 19:45
Modified
2024-09-16 23:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-617 - Reachable Assertion ()
Summary
Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v1.14.0 < unspecified Version: v2.5.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v1.14.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions \u003e= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "Reachable Assertion (CWE-617)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T19:45:19",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr"
]
},
"title": "BT: Assertion failure on repeated LL_CONNECTION_PARAM_REQ",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-06-21T00:00:00.000Z",
"ID": "CVE-2021-3430",
"STATE": "PUBLIC",
"TITLE": "BT: Assertion failure on repeated LL_CONNECTION_PARAM_REQ"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v1.14.0"
},
{
"version_affected": "\u003e=",
"version_value": "v2.5.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions \u003e= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MODERATE",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reachable Assertion (CWE-617)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3430",
"datePublished": "2022-06-28T19:45:19.535562Z",
"dateReserved": "2021-03-11T00:00:00",
"dateUpdated": "2024-09-16T23:25:47.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3323 (GCVE-0-2021-3323)
Vulnerability from cvelistv5
Published
2021-10-12 21:50
Modified
2024-09-16 17:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-191 - Integer Underflow (Wrap or Wraparound) ()
Summary
Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= >=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: >=2.4.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "\u003e=2.4.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions \u003e= \u003e=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "Integer Underflow (Wrap or Wraparound) (CWE-191)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T21:50:16",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc"
]
},
"title": "Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-04-14T00:00:00.000Z",
"ID": "CVE-2021-3323",
"STATE": "PUBLIC",
"TITLE": "Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "\u003e=2.4.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions \u003e= \u003e=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 8.3,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 8.3,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer Underflow (Wrap or Wraparound) (CWE-191)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3323",
"datePublished": "2021-10-12T21:50:16.135206Z",
"dateReserved": "2021-01-27T00:00:00",
"dateUpdated": "2024-09-16T17:07:54.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6258 (GCVE-0-2024-6258)
Vulnerability from cvelistv5
Published
2024-09-13 19:05
Modified
2024-09-16 14:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
BT: Missing length checks of net_buf in rfcomm_handle_data
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zephyrproject-rtos:zephyr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6258",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T14:43:51.367787Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T14:46:42.598Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BT: Missing length checks of net_buf in rfcomm_handle_data"
}
],
"value": "BT: Missing length checks of net_buf in rfcomm_handle_data"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T19:05:53.783Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7833-fcpm-3ggm"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "BT: Missing length checks of net_buf in rfcomm_handle_data",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2024-6258",
"datePublished": "2024-09-13T19:05:53.783Z",
"dateReserved": "2024-06-21T20:44:04.693Z",
"dateUpdated": "2024-09-16T14:46:42.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10060 (GCVE-0-2020-10060)
Vulnerability from cvelistv5
Published
2020-05-11 22:26
Modified
2024-09-16 23:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Summary
In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 2.1.0 < unspecified Version: 2.2.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-37"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10060"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27865"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27889"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27891"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27893"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.2.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In updatehub_probe, right after JSON parsing is complete, objects\\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-02T14:01:00",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-37"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10060"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27865"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27889"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27891"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27893"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-37"
],
"discovery": "EXTERNAL"
},
"title": "UpdateHub Might Dereference An Uninitialized Pointer",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10060",
"STATE": "PUBLIC",
"TITLE": "UpdateHub Might Dereference An Uninitialized Pointer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "2.1.0"
},
{
"version_affected": "\u003e=",
"version_value": "2.2.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In updatehub_probe, right after JSON parsing is complete, objects\\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-37",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-37"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10060",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10060"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/27865",
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27865"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/27889",
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27889"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/27891",
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27891"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/27893",
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27893"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-37"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10060",
"datePublished": "2020-05-11T22:26:16.934239Z",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-09-16T23:31:11.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4263 (GCVE-0-2023-4263)
Vulnerability from cvelistv5
Published
2023-10-13 20:42
Modified
2025-02-13 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CWE-121 - Stack-based Buffer Overflow A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Summary
Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: 0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:03.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rf6q-rhhp-pqhf"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.4",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver"
}
],
"value": "Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T03:06:28.258Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rf6q-rhhp-pqhf"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-4263",
"datePublished": "2023-10-13T20:42:11.942Z",
"dateReserved": "2023-08-08T21:11:51.946Z",
"dateUpdated": "2025-02-13T17:09:29.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13599 (GCVE-0-2020-13599)
Vulnerability from cvelistv5
Published
2021-05-24 21:40
Modified
2024-09-17 00:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-276 - Incorrect Default Permissions ()
Summary
Security problem with settings and littlefs. Zephyr versions >= 1.14.2, >= 2.3.0 contain Incorrect Default Permissions (CWE-276). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 1.14.2 < unspecified Version: 2.3.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:15.886Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1199"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.2",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Security problem with settings and littlefs. Zephyr versions \u003e= 1.14.2, \u003e= 2.3.0 contain Incorrect Default Permissions (CWE-276). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect Default Permissions (CWE-276)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-05T20:06:09",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1199"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q"
]
},
"title": "Security problem with settings and littlefs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-06-25T00:00:00.000Z",
"ID": "CVE-2020-13599",
"STATE": "PUBLIC",
"TITLE": "Security problem with settings and littlefs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.14.2"
},
{
"version_affected": "\u003e=",
"version_value": "2.3.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Security problem with settings and littlefs. Zephyr versions \u003e= 1.14.2, \u003e= 2.3.0 contain Incorrect Default Permissions (CWE-276). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"environmentalScore": 3.3,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 3.3,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Default Permissions (CWE-276)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1199",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1199"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-13599",
"datePublished": "2021-05-24T21:40:27.423754Z",
"dateReserved": "2020-05-26T00:00:00",
"dateUpdated": "2024-09-17T00:01:53.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3320 (GCVE-0-2021-3320)
Vulnerability from cvelistv5
Published
2021-05-24 21:40
Modified
2024-09-16 22:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference ()
Summary
Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v2.4.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.4.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Type Confusion in 802154 ACK Frames Handling. Zephyr versions \u003e= v2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference (CWE-476)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T21:40:30",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7"
]
},
"title": "Type Confusion in 802154 ACK Frames Handling",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-04-14T00:00:00.000Z",
"ID": "CVE-2021-3320",
"STATE": "PUBLIC",
"TITLE": "Type Confusion in 802154 ACK Frames Handling"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v2.4.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Type Confusion in 802154 ACK Frames Handling. Zephyr versions \u003e= v2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.9,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.9,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference (CWE-476)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3320",
"datePublished": "2021-05-24T21:40:30.745441Z",
"dateReserved": "2021-01-27T00:00:00",
"dateUpdated": "2024-09-16T22:25:53.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2993 (GCVE-0-2022-2993)
Vulnerability from cvelistv5
Published
2022-12-12 01:50
Modified
2025-04-22 18:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3286-jgjx-8cvr"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2993",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T18:04:05.139328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "CWE-670 Always-Incorrect Control Flow Implementation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T18:04:39.889Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "v3.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-12-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-09T00:00:00.000Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3286-jgjx-8cvr"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3286-jgjx-8cvr"
]
},
"title": "bt: host: Wrong key validation check"
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2022-2993",
"datePublished": "2022-12-12T01:50:00.293Z",
"dateReserved": "2022-08-25T00:00:00.000Z",
"dateUpdated": "2025-04-22T18:04:39.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3329 (GCVE-0-2021-3329)
Vulnerability from cvelistv5
Published
2023-02-26 00:00
Modified
2025-03-11 15:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions ()
Summary
Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-117"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-3329",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T15:25:34.489205Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T15:25:38.906Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "v2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "Improper Check or Handling of Exceptional Conditions (CWE-703)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-26T00:00:00.000Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-117"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-117"
]
},
"title": "DOS: Incorrect handling of the initial HCI ACL_MTU handshake packet leads to crash of bluetooth host layer"
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3329",
"datePublished": "2023-02-26T00:00:00.000Z",
"dateReserved": "2021-01-27T00:00:00.000Z",
"dateUpdated": "2025-03-11T15:25:38.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3966 (GCVE-0-2021-3966)
Vulnerability from cvelistv5
Published
2023-01-11 00:00
Modified
2025-04-09 18:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow ()
Summary
usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.756Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hfxq-3w6x-fv2m"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-3966",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T14:00:22.435063Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T18:29:11.461Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "v3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-02-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-11T00:00:00.000Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hfxq-3w6x-fv2m"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hfxq-3w6x-fv2m"
]
},
"title": "Usb bluetooth device ACL read cb buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3966",
"datePublished": "2023-01-11T00:00:00.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2025-04-09T18:29:11.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10068 (GCVE-0-2020-10068)
Vulnerability from cvelistv5
Published
2020-06-05 17:37
Modified
2024-09-16 17:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 2.2.0 < unspecified Version: 1.14.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23091"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-78"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10068"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23707"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23708"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23964"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.2.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "PhD - Garbelini Matheus Eduardo"
}
],
"datePublic": "2020-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:37",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23091"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-78"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10068"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23707"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23708"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23964"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-78"
],
"discovery": "EXTERNAL"
},
"title": "Zephyr Bluetooth DLE duplicate requests vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-25T00:00:00.000Z",
"ID": "CVE-2020-10068",
"STATE": "PUBLIC",
"TITLE": "Zephyr Bluetooth DLE duplicate requests vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "2.2.0"
},
{
"version_affected": "\u003e=",
"version_value": "1.14.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "PhD - Garbelini Matheus Eduardo"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23091",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23091"
},
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-78",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-78"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10068",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10068"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23707",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23707"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23708",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23708"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23964",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23964"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-78"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10068",
"datePublished": "2020-06-05T17:37:37.415724Z",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-09-16T17:54:11.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6881 (GCVE-0-2023-6881)
Vulnerability from cvelistv5
Published
2024-02-20 18:25
Modified
2024-08-02 08:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
Possible buffer overflow in is_mount_point
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6881",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-29T20:50:22.394301Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:04.296Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:08.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mh67-4h3q-p437"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.5",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Possible buffer overflow in is_mount_point"
}
],
"value": "Possible buffer overflow in is_mount_point"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-20T18:25:19.453Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mh67-4h3q-p437"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "fs: fuse: buffer overflow vulnerability in the Zephyr FS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-6881",
"datePublished": "2024-02-20T18:25:19.453Z",
"dateReserved": "2023-12-15T23:14:18.900Z",
"dateUpdated": "2024-08-02T08:42:08.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5754 (GCVE-0-2024-5754)
Vulnerability from cvelistv5
Published
2024-09-13 18:50
Modified
2024-09-16 14:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
BT: Encryption procedure host vulnerability
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T14:16:36.994922Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T14:17:06.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BT: Encryption procedure host vulnerability"
}
],
"value": "BT: Encryption procedure host vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T18:50:05.314Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gvv5-66hw-5qrc"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "BT: Encryption procedure host vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2024-5754",
"datePublished": "2024-09-13T18:50:05.314Z",
"dateReserved": "2024-06-07T16:59:42.401Z",
"dateUpdated": "2024-09-16T14:17:06.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-7060 (GCVE-0-2023-7060)
Vulnerability from cvelistv5
Published
2024-03-15 18:12
Modified
2025-03-27 14:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Zephyr OS IP packet handling does not properly drop IP packets arriving on an external interface with a source address equal to 127.0.01 or the destination address.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-7060",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-18T16:17:43.040964Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T14:57:28.799Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:50:07.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fjc8-223c-qgqr"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.5",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Security Control in Zephyr OS IP Packet Handling"
}
],
"value": "Zephyr OS IP packet handling does not properly drop IP packets arriving on an external interface with a source address equal to 127.0.01 or the destination address."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-15T18:12:36.499Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fjc8-223c-qgqr"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Security Control in Zephyr OS IP Packet Handling",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-7060",
"datePublished": "2024-03-15T18:12:36.499Z",
"dateReserved": "2023-12-21T16:40:49.260Z",
"dateUpdated": "2025-03-27T14:57:28.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4259 (GCVE-0-2023-4259)
Vulnerability from cvelistv5
Published
2023-09-25 23:05
Modified
2025-02-13 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: 1.14 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:03.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gghm-c696-f4j4"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4259",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T20:16:33.010531Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T20:16:45.128Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "3.4",
"status": "affected",
"version": "1.14",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code."
}
],
"value": "Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193 Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T03:06:33.171Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gghm-c696-f4j4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential buffer overflow vulnerabilities in the Zephyr eS-WiFi driver",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-4259",
"datePublished": "2023-09-25T23:05:40.753Z",
"dateReserved": "2023-08-08T21:09:18.317Z",
"dateUpdated": "2025-02-13T17:09:28.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3322 (GCVE-0-2021-3322)
Vulnerability from cvelistv5
Published
2021-10-12 21:50
Modified
2024-09-16 18:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference ()
Summary
Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions >= >=2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: >=2.4.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "\u003e=2.4.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions \u003e= \u003e=2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference (CWE-476)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T21:50:14",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3"
]
},
"title": "Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-04-21T00:00:00.000Z",
"ID": "CVE-2021-3322",
"STATE": "PUBLIC",
"TITLE": "Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "\u003e=2.4.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions \u003e= \u003e=2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference (CWE-476)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3322",
"datePublished": "2021-10-12T21:50:14.638805Z",
"dateReserved": "2021-01-27T00:00:00",
"dateUpdated": "2024-09-16T18:45:16.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6249 (GCVE-0-2023-6249)
Vulnerability from cvelistv5
Published
2024-02-18 07:27
Modified
2024-08-02 08:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-704 - Incorrect Type Conversion or Cast
Summary
Signed to unsigned conversion esp32_ipm_send
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6249",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-20T15:16:49.904392Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:20:57.320Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:21:18.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-32f5-3p9h-2rqc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.5",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Signed to unsigned conversion esp32_ipm_send"
}
],
"value": "Signed to unsigned conversion esp32_ipm_send"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-704",
"description": "CWE-704 Incorrect Type Conversion or Cast",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-18T07:27:13.399Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-32f5-3p9h-2rqc"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ipm: signed to unsigned conversion problem in esp32_ipm_send",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-6249",
"datePublished": "2024-02-18T07:27:13.399Z",
"dateReserved": "2023-11-21T22:45:28.249Z",
"dateUpdated": "2024-08-02T08:21:18.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13601 (GCVE-0-2020-13601)
Vulnerability from cvelistv5
Published
2021-05-24 21:40
Modified
2024-09-17 01:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Possible read out of bounds in dns read. Zephyr versions >= 1.14.2, >= 2.3.0 contain Out-of-bounds Read (CWE-125). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 1.14.2 < unspecified Version: 2.3.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.2",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-11-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Possible read out of bounds in dns read. Zephyr versions \u003e= 1.14.2, \u003e= 2.3.0 contain Out-of-bounds Read (CWE-125). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T21:40:28",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44"
]
},
"title": "Possible read out of bounds in dns read",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-11-18T00:00:00.000Z",
"ID": "CVE-2020-13601",
"STATE": "PUBLIC",
"TITLE": "Possible read out of bounds in dns read"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.14.2"
},
{
"version_affected": "\u003e=",
"version_value": "2.3.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Possible read out of bounds in dns read. Zephyr versions \u003e= 1.14.2, \u003e= 2.3.0 contain Out-of-bounds Read (CWE-125). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.1,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 9,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read (CWE-125)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-13601",
"datePublished": "2021-05-24T21:40:28.696374Z",
"dateReserved": "2020-05-26T00:00:00",
"dateUpdated": "2024-09-17T01:01:29.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10069 (GCVE-0-2020-10069)
Vulnerability from cvelistv5
Published
2021-05-24 21:40
Modified
2024-09-16 16:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-233 - Improper Handling of Parameters ()
Summary
Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Parameters (CWE-233). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v1.14.2 < unspecified Version: v2.2.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v1.14.2",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.2.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions \u003e= v1.14.2, \u003e= v2.2.0 contain Improper Handling of Parameters (CWE-233). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-233",
"description": "Improper Handling of Parameters (CWE-233)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T21:40:25",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp"
]
},
"title": "Zephyr Bluetooth unchecked packet data results in denial of service",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-25T00:00:00.000Z",
"ID": "CVE-2020-10069",
"STATE": "PUBLIC",
"TITLE": "Zephyr Bluetooth unchecked packet data results in denial of service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v1.14.2"
},
{
"version_affected": "\u003e=",
"version_value": "v2.2.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions \u003e= v1.14.2, \u003e= v2.2.0 contain Improper Handling of Parameters (CWE-233). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 4.3,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Handling of Parameters (CWE-233)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10069",
"datePublished": "2021-05-24T21:40:25.468262Z",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-09-16T16:27:47.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3510 (GCVE-0-2021-3510)
Vulnerability from cvelistv5
Published
2021-10-05 20:50
Modified
2024-09-16 19:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-588 - Attempt to Access Child of a Non-structure Pointer ()
Summary
Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: >1.14.0 < unspecified Version: >2.5.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "\u003e1.14.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "\u003e2.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions \u003e= \u003e1.14.0, \u003e= \u003e2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-588",
"description": "Attempt to Access Child of a Non-structure Pointer (CWE-588)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-05T20:50:17",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4"
]
},
"title": "Zephyr JSON decoder incorrectly decodes array of array",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-06-20T00:00:00.000Z",
"ID": "CVE-2021-3510",
"STATE": "PUBLIC",
"TITLE": "Zephyr JSON decoder incorrectly decodes array of array"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "\u003e1.14.0"
},
{
"version_affected": "\u003e=",
"version_value": "\u003e2.5.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions \u003e= \u003e1.14.0, \u003e= \u003e2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Attempt to Access Child of a Non-structure Pointer (CWE-588)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3510",
"datePublished": "2021-10-05T20:50:17.320779Z",
"dateReserved": "2021-04-20T00:00:00",
"dateUpdated": "2024-09-16T19:04:43.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3431 (GCVE-0-2021-3431)
Vulnerability from cvelistv5
Published
2022-06-28 19:45
Modified
2024-09-16 22:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-617 - Reachable Assertion ()
Summary
Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v2.5.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions \u003e= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "Reachable Assertion (CWE-617)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T19:45:23",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9"
]
},
"title": "BT: Assertion failure on repeated LL_FEATURE_REQ",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-06-21T00:00:00.000Z",
"ID": "CVE-2021-3431",
"STATE": "PUBLIC",
"TITLE": "BT: Assertion failure on repeated LL_FEATURE_REQ"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v2.5.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions \u003e= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MODERATE",
"confidentialityImpact": "NONE",
"environmentalScore": 4.3,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reachable Assertion (CWE-617)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3431",
"datePublished": "2022-06-28T19:45:23.532259Z",
"dateReserved": "2021-03-11T00:00:00",
"dateUpdated": "2024-09-16T22:52:14.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4260 (GCVE-0-2023-4260)
Vulnerability from cvelistv5
Published
2023-09-26 19:23
Modified
2025-02-13 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: 0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:03.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gj27-862r-55wh"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.4",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePotential off-by-one buffer overflow vulnerability in the Zephyr fuse file system.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193 Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T03:06:21.672Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gj27-862r-55wh"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential off-by-one buffer overflow vulnerability in the Zephyr FS subsystem",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-4260",
"datePublished": "2023-09-26T19:23:48.078Z",
"dateReserved": "2023-08-08T21:10:14.640Z",
"dateUpdated": "2025-02-13T17:09:28.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4258 (GCVE-0-2023-4258)
Vulnerability from cvelistv5
Published
2023-09-25 21:46
Modified
2024-09-24 19:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-684 - Incorrect Provision of Specified Functionality The code does not function according to its published specifications, potentially leading to incorrect usage.
Summary
In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: 1.14 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:03.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-m34c-cp63-rwh7"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zephyr",
"vendor": "zephyrproject",
"versions": [
{
"lessThan": "3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4258",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T19:45:09.412727Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T19:47:10.591Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.4",
"status": "affected",
"version": "1.14",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee.\u003c/p\u003e"
}
],
"value": "In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-684",
"description": " CWE-684 Incorrect Provision of Specified Functionality The code does not function according to its published specifications, potentially leading to incorrect usage.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-25T21:46:37.430Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-m34c-cp63-rwh7"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "bt: mesh: vulnerability in provisioning protocol implementation on provisionee side",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-4258",
"datePublished": "2023-09-25T21:46:37.430Z",
"dateReserved": "2023-08-08T21:08:39.861Z",
"dateUpdated": "2024-09-24T19:47:10.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3434 (GCVE-0-2021-3434)
Vulnerability from cvelistv5
Published
2022-06-28 19:45
Modified
2024-09-17 00:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow ()
Summary
Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions >= v2.5.0 Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v2.5.0 < unspecified Version: v2.6.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.5.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.6.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions \u003e= v2.5.0 Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow (CWE-121)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T19:45:39",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm"
]
},
"title": "L2CAP: Stack based buffer overflow in le_ecred_conn_req()",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-06-21T00:00:00.000Z",
"ID": "CVE-2021-3434",
"STATE": "PUBLIC",
"TITLE": "L2CAP: Stack based buffer overflow in le_ecred_conn_req()"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v2.5.0"
},
{
"version_affected": "\u003e=",
"version_value": "v2.6.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions \u003e= v2.5.0 Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.9,
"baseSeverity": "MODERATE",
"confidentialityImpact": "LOW",
"environmentalScore": 4.9,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.9,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow (CWE-121)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3434",
"datePublished": "2022-06-28T19:45:39.519233Z",
"dateReserved": "2021-03-11T00:00:00",
"dateUpdated": "2024-09-17T00:36:23.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6259 (GCVE-0-2024-6259)
Vulnerability from cvelistv5
Published
2024-09-13 20:17
Modified
2024-09-25 15:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
BT: HCI: adv_ext_report Improper discarding in adv_ext_report
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zephyrproject-rtos:zephyr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6259",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T14:35:18.530446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T15:57:30.212Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BT: HCI: adv_ext_report Improper discarding in adv_ext_report"
}
],
"value": "BT: HCI: adv_ext_report Improper discarding in adv_ext_report"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T20:17:58.827Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p5j7-v26w-wmcp"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "BT: HCI: adv_ext_report Improper discarding in adv_ext_report",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2024-6259",
"datePublished": "2024-09-13T20:17:58.827Z",
"dateReserved": "2024-06-21T20:48:52.552Z",
"dateUpdated": "2024-09-25T15:57:30.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5563 (GCVE-0-2023-5563)
Vulnerability from cvelistv5
Published
2023-10-12 23:11
Modified
2024-09-17 17:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.
Summary
The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: 3.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-98mc-rj7w-7rpv"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5563",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T17:08:27.283979Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T17:08:43.494Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.4",
"status": "affected",
"version": "3.3",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception."
}
],
"value": "The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception."
}
],
"impacts": [
{
"capecId": "CAPEC-74",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-74 Manipulating User State"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": " CWE-703 Improper Check or Handling of Exceptional Conditions The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-12T23:11:18.074Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-98mc-rj7w-7rpv"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-5563",
"datePublished": "2023-10-12T23:11:18.074Z",
"dateReserved": "2023-10-12T22:58:30.695Z",
"dateUpdated": "2024-09-17T17:08:43.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3319 (GCVE-0-2021-3319)
Vulnerability from cvelistv5
Published
2021-10-05 20:50
Modified
2024-09-16 22:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions >= > v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: > v2.4.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "\u003e v2.4.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions \u003e= \u003e v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference (CWE-476)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-588",
"description": "Attempt to Access Child of a Non-structure Pointer (CWE-588)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-05T20:50:14",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364"
]
},
"title": "DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-04-14T00:00:00.000Z",
"ID": "CVE-2021-3319",
"STATE": "PUBLIC",
"TITLE": "DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "\u003e v2.4.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions \u003e= \u003e v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference (CWE-476)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Attempt to Access Child of a Non-structure Pointer (CWE-588)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3319",
"datePublished": "2021-10-05T20:50:14.254605Z",
"dateReserved": "2021-01-27T00:00:00",
"dateUpdated": "2024-09-16T22:14:56.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6137 (GCVE-0-2024-6137)
Vulnerability from cvelistv5
Published
2024-09-13 20:06
Modified
2024-09-16 14:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
BT: Classic: SDP OOB access in get_att_search_list
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zephyrproject-rtos:zephyr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6137",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T14:41:38.967851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T14:45:48.060Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BT: Classic: SDP OOB access in get_att_search_list"
}
],
"value": "BT: Classic: SDP OOB access in get_att_search_list"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T20:06:45.347Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-pm38-7g85-cf4f"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "BT: Classic: SDP OOB access in get_att_search_list",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2024-6137",
"datePublished": "2024-09-13T20:06:45.347Z",
"dateReserved": "2024-06-18T18:47:56.163Z",
"dateUpdated": "2024-09-16T14:45:48.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13602 (GCVE-0-2020-13602)
Vulnerability from cvelistv5
Published
2021-05-24 21:40
Modified
2024-09-17 02:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions >= 1.14.2, >= 2.2.0 contain Improper Input Validation (CWE-20), Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 1.14.2 < unspecified Version: 2.2.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.2",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.2.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions \u003e= 1.14.2, \u003e= 2.2.0 contain Improper Input Validation (CWE-20), Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) (CWE-835). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation (CWE-20)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) (CWE-835)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T21:40:29",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh"
]
},
"title": "Remote Denial of Service in LwM2M do_write_op_tlv",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-06-25T00:00:00.000Z",
"ID": "CVE-2020-13602",
"STATE": "PUBLIC",
"TITLE": "Remote Denial of Service in LwM2M do_write_op_tlv"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.14.2"
},
{
"version_affected": "\u003e=",
"version_value": "2.2.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions \u003e= 1.14.2, \u003e= 2.2.0 contain Improper Input Validation (CWE-20), Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) (CWE-835). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation (CWE-20)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) (CWE-835)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-13602",
"datePublished": "2021-05-24T21:40:29.344412Z",
"dateReserved": "2020-05-26T00:00:00",
"dateUpdated": "2024-09-17T02:56:50.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3581 (GCVE-0-2021-3581)
Vulnerability from cvelistv5
Published
2021-10-05 20:50
Modified
2024-09-16 19:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-805 - Buffer Access with Incorrect Length Value ()
Summary
Buffer Access with Incorrect Length Value in zephyr. Zephyr versions >= >=2.5.0 contain Buffer Access with Incorrect Length Value (CWE-805). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: >=2.5.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "\u003e=2.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer Access with Incorrect Length Value in zephyr. Zephyr versions \u003e= \u003e=2.5.0 contain Buffer Access with Incorrect Length Value (CWE-805). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-805",
"description": "Buffer Access with Incorrect Length Value (CWE-805)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-05T20:50:18",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5"
]
},
"title": "Buffer Access with Incorrect Length Value in zephyr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-09-04T00:00:00.000Z",
"ID": "CVE-2021-3581",
"STATE": "PUBLIC",
"TITLE": "Buffer Access with Incorrect Length Value in zephyr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "\u003e=2.5.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer Access with Incorrect Length Value in zephyr. Zephyr versions \u003e= \u003e=2.5.0 contain Buffer Access with Incorrect Length Value (CWE-805). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.1,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 7,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Access with Incorrect Length Value (CWE-805)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3581",
"datePublished": "2021-10-05T20:50:18.826412Z",
"dateReserved": "2021-06-04T00:00:00",
"dateUpdated": "2024-09-16T19:05:46.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10070 (GCVE-0-2020-10070)
Vulnerability from cvelistv5
Published
2020-06-05 17:37
Modified
2024-09-16 23:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 2.2.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.848Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10070"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/0b39cbf3c01d7feec9d0dd7cc7e0e374b6113542"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.2.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:37",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10070"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/0b39cbf3c01d7feec9d0dd7cc7e0e374b6113542"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85"
],
"discovery": "EXTERNAL"
},
"title": "MQTT buffer overflow on receive buffer",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-25T00:00:00.000Z",
"ID": "CVE-2020-10070",
"STATE": "PUBLIC",
"TITLE": "MQTT buffer overflow on receive buffer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "2.2.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment",
"refsource": "MISC",
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
},
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10070",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10070"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/0b39cbf3c01d7feec9d0dd7cc7e0e374b6113542",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/0b39cbf3c01d7feec9d0dd7cc7e0e374b6113542"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10070",
"datePublished": "2020-06-05T17:37:37.459802Z",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-09-16T23:06:22.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5184 (GCVE-0-2023-5184)
Vulnerability from cvelistv5
Published
2023-09-27 17:26
Modified
2025-06-18 14:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Two potential signed to unsigned conversion errors and buffer overflow vulnerabilities at the following locations in the Zephyr IPM drivers.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:08.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8x3p-q3r5-xh9g"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5184",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T14:08:07.737756Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T14:08:20.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.4",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;Two potential signed to unsigned conversion errors and buffer overflow vulnerabilities at the following locations in the Zephyr IPM drivers.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Two potential signed to unsigned conversion errors and buffer overflow vulnerabilities at the following locations in the Zephyr IPM drivers."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-195",
"description": "CWE-195 Signed to Unsigned Conversion Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T03:06:26.619Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8x3p-q3r5-xh9g"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential signed to unsigned conversion errors and buffer overflow vulnerabilities in the Zephyr IPM driver",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-5184",
"datePublished": "2023-09-27T17:26:51.660Z",
"dateReserved": "2023-09-25T19:53:12.084Z",
"dateUpdated": "2025-06-18T14:08:20.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10064 (GCVE-0-2020-10064)
Vulnerability from cvelistv5
Published
2021-05-24 21:40
Modified
2024-09-16 21:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Improper Input Frame Validation in ieee802154 Processing. Zephyr versions >= v1.14.2, >= v2.2.0 contain Stack-based Buffer Overflow (CWE-121), Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v1.14.2 < unspecified Version: v2.2.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.856Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v1.14.2",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.2.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Frame Validation in ieee802154 Processing. Zephyr versions \u003e= v1.14.2, \u003e= v2.2.0 contain Stack-based Buffer Overflow (CWE-121), Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow (CWE-121)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T21:40:23",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7"
]
},
"title": "Improper Input Frame Validation in ieee802154 Processing",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-06-29T00:00:00.000Z",
"ID": "CVE-2020-10064",
"STATE": "PUBLIC",
"TITLE": "Improper Input Frame Validation in ieee802154 Processing"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v1.14.2"
},
{
"version_affected": "\u003e=",
"version_value": "v2.2.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Input Frame Validation in ieee802154 Processing. Zephyr versions \u003e= v1.14.2, \u003e= v2.2.0 contain Stack-based Buffer Overflow (CWE-121), Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 8.3,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 8.3,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow (CWE-121)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10064",
"datePublished": "2021-05-24T21:40:23.371097Z",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-09-16T21:03:04.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3330 (GCVE-0-2021-3330)
Vulnerability from cvelistv5
Published
2021-10-12 21:50
Modified
2024-09-17 01:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions >= >=2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: >=2.4.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "\u003e=2.4.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions \u003e= \u003e=2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T21:50:17",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456"
]
},
"title": "RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-04-20T00:00:00.000Z",
"ID": "CVE-2021-3330",
"STATE": "PUBLIC",
"TITLE": "RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "\u003e=2.4.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions \u003e= \u003e=2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 7.1,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 7.1,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write (CWE-787)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3330",
"datePublished": "2021-10-12T21:50:17.624934Z",
"dateReserved": "2021-01-27T00:00:00",
"dateUpdated": "2024-09-17T01:00:47.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3835 (GCVE-0-2021-3835)
Vulnerability from cvelistv5
Published
2022-02-07 22:00
Modified
2024-09-17 00:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow ()
Summary
Buffer overflow in usb device class. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v2.6.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.6.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in usb device class. Zephyr versions \u003e= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-07T22:00:12",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf"
]
},
"title": "Buffer overflow in usb device class",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-10-02T00:00:00.000Z",
"ID": "CVE-2021-3835",
"STATE": "PUBLIC",
"TITLE": "Buffer overflow in usb device class"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v2.6.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in usb device class. Zephyr versions \u003e= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 8.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 8.2,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3835",
"datePublished": "2022-02-07T22:00:12.211014Z",
"dateReserved": "2021-09-27T00:00:00",
"dateUpdated": "2024-09-17T00:15:57.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1841 (GCVE-0-2022-1841)
Vulnerability from cvelistv5
Published
2022-08-31 19:40
Modified
2024-09-16 22:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5c3j-p8cr-2pgh"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "v3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-31T19:40:08",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5c3j-p8cr-2pgh"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5c3j-p8cr-2pgh"
]
},
"title": "Out-of-bound write in tcp_flags",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2022-09-23T00:00:00.000Z",
"ID": "CVE-2022-1841",
"STATE": "PUBLIC",
"TITLE": "Out-of-bound write in tcp_flags"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "v3.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "Network",
"availabilityImpact": "LOW",
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write (CWE-787)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5c3j-p8cr-2pgh",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5c3j-p8cr-2pgh"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5c3j-p8cr-2pgh"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2022-1841",
"datePublished": "2022-08-31T19:40:08.845879Z",
"dateReserved": "2022-05-24T00:00:00",
"dateUpdated": "2024-09-16T22:14:38.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}