Vulnerabilites related to zephyrproject - zephyr
CVE-2023-2234 (GCVE-0-2023-2234)
Vulnerability from cvelistv5
Published
2023-07-10 04:33
Modified
2024-11-07 15:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Summary
Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:13.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx9g-8fr2-q899"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zephyr",
"vendor": "zephyrproject",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2234",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T15:19:43.330544Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T15:20:13.942Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host."
}
],
"value": "Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T04:33:35.254Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx9g-8fr2-q899"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "BT HCI host union variant confusion",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-2234",
"datePublished": "2023-07-10T04:33:35.254Z",
"dateReserved": "2023-04-21T17:15:56.122Z",
"dateUpdated": "2024-11-07T15:20:13.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10067 (GCVE-0-2020-10067)
Vulnerability from cvelistv5
Published
2020-05-11 22:26
Modified
2024-09-16 16:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-190 - Integer Overflow or Wraparound
Summary
A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 1.14.1 < unspecified Version: 2.1.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.798Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-27"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23239"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23653"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23654"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.1",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:37",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-27"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23239"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23653"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23654"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-27"
],
"discovery": "EXTERNAL"
},
"title": "Integer Overflow In is_in_region Allows User Thread To Access Kernel Memory",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10067",
"STATE": "PUBLIC",
"TITLE": "Integer Overflow In is_in_region Allows User Thread To Access Kernel Memory"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.14.1"
},
{
"version_affected": "\u003e=",
"version_value": "2.1.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-27",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-27"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23239",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23239"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23653",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23653"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23654",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23654"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-27"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10067",
"datePublished": "2020-05-11T22:26:17.372048Z",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-09-16T16:37:34.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3332 (GCVE-0-2024-3332)
Vulnerability from cvelistv5
Published
2024-07-03 16:44
Modified
2024-08-01 20:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
A malicious BLE device can send a specific order of packet sequence to cause a DoS attack on the victim BLE device
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zephyrproject-rtos:zephyr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3332",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-03T17:43:22.944853Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T18:00:13.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:08.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-jmr9-xw2v-5vf4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A malicious BLE device can send a specific order of packet sequence to cause a DoS attack on the victim BLE device"
}
],
"value": "A malicious BLE device can send a specific order of packet sequence to cause a DoS attack on the victim BLE device"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T16:44:28.197Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-jmr9-xw2v-5vf4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "bt: host/smp: DoS caused by null pointer dereference",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2024-3332",
"datePublished": "2024-07-03T16:44:28.197Z",
"dateReserved": "2024-04-04T17:09:09.444Z",
"dateUpdated": "2024-08-01T20:05:08.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13603 (GCVE-0-2020-13603)
Vulnerability from cvelistv5
Published
2021-05-24 21:40
Modified
2024-09-16 23:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-190 - Integer Overflow or Wraparound ()
Summary
Integer Overflow in memory allocating functions. Zephyr versions >= 1.14.2, >= 2.4.0 contain Integer Overflow or Wraparound (CWE-190). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 1.14.2 < unspecified Version: 2.4.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.2",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.4.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer Overflow in memory allocating functions. Zephyr versions \u003e= 1.14.2, \u003e= 2.4.0 contain Integer Overflow or Wraparound (CWE-190). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "Integer Overflow or Wraparound (CWE-190)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T21:40:29",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45"
]
},
"title": "Integer Overflow in memory allocating functions",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-03-23T00:00:00.000Z",
"ID": "CVE-2020-13603",
"STATE": "PUBLIC",
"TITLE": "Integer Overflow in memory allocating functions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.14.2"
},
{
"version_affected": "\u003e=",
"version_value": "2.4.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer Overflow in memory allocating functions. Zephyr versions \u003e= 1.14.2, \u003e= 2.4.0 contain Integer Overflow or Wraparound (CWE-190). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 7,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"temporalScore": 6.9,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer Overflow or Wraparound (CWE-190)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-13603",
"datePublished": "2021-05-24T21:40:30.045607Z",
"dateReserved": "2020-05-26T00:00:00",
"dateUpdated": "2024-09-16T23:36:24.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1673 (GCVE-0-2025-1673)
Vulnerability from cvelistv5
Published
2025-02-25 07:12
Modified
2025-02-28 17:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read
Summary
A malicious or malformed DNS packet without a payload can cause an out-of-bounds read, resulting in a crash (denial of service) or an incorrect computation.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1673",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T17:04:30.075858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T17:04:42.244Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out of bounds read when calling crc16_ansi and strlen in dns_validate_msg"
}
],
"value": "A malicious or malformed DNS packet without a payload can cause an out-of-bounds read, resulting in a crash (denial of service) or an incorrect computation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T07:12:13.455Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-jjhx-rrh4-j8mx"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out of bounds read when calling crc16_ansi and strlen in dns_validate_msg",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2025-1673",
"datePublished": "2025-02-25T07:12:13.455Z",
"dateReserved": "2025-02-25T06:01:00.388Z",
"dateUpdated": "2025-02-28T17:04:42.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3436 (GCVE-0-2021-3436)
Vulnerability from cvelistv5
Published
2021-10-05 20:50
Modified
2024-09-16 20:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-694 - Use of Multiple Resources with Duplicate Identifier ()
Summary
BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions >= 1.14.2, >= 2.4.0, >= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 1.14.2 < unspecified Version: 2.4.0 < unspecified Version: 2.5.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.2",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.4.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions \u003e= 1.14.2, \u003e= 2.4.0, \u003e= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-694",
"description": "Use of Multiple Resources with Duplicate Identifier (CWE-694)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-05T20:50:15",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63"
]
},
"title": "BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-06-11T00:00:00.000Z",
"ID": "CVE-2021-3436",
"STATE": "PUBLIC",
"TITLE": "BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.14.2"
},
{
"version_affected": "\u003e=",
"version_value": "2.4.0"
},
{
"version_affected": "\u003e=",
"version_value": "2.5.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions \u003e= 1.14.2, \u003e= 2.4.0, \u003e= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 4.3,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Multiple Resources with Duplicate Identifier (CWE-694)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3436",
"datePublished": "2021-10-05T20:50:15.802366Z",
"dateReserved": "2021-03-11T00:00:00",
"dateUpdated": "2024-09-16T20:31:46.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000800 (GCVE-0-2018-1000800)
Vulnerability from cvelistv5
Published
2018-09-06 17:00
Modified
2024-09-17 01:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(), sys_ring_buf_get() that can result in CPU Page Fault (error code 0x00000010). This attack appear to be exploitable via a malicious application call the vulnerable kernel APIs (system sys_ring_buf_get() and sys_ring_buf_put).
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:40:47.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/issues/7638"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-09-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(), sys_ring_buf_get() that can result in CPU Page Fault (error code 0x00000010). This attack appear to be exploitable via a malicious application call the vulnerable kernel APIs (system sys_ring_buf_get() and sys_ring_buf_put)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-06T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/issues/7638"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-09-03T16:07:16.971905",
"DATE_REQUESTED": "2018-08-20T17:57:40",
"ID": "CVE-2018-1000800",
"REQUESTER": "situlingyun@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(), sys_ring_buf_get() that can result in CPU Page Fault (error code 0x00000010). This attack appear to be exploitable via a malicious application call the vulnerable kernel APIs (system sys_ring_buf_get() and sys_ring_buf_put)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zephyrproject-rtos/zephyr/issues/7638",
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/issues/7638"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000800",
"datePublished": "2018-09-06T17:00:00Z",
"dateReserved": "2018-09-06T00:00:00Z",
"dateUpdated": "2024-09-17T01:31:49.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1901 (GCVE-0-2023-1901)
Vulnerability from cvelistv5
Published
2023-07-10 04:37
Modified
2024-11-07 15:19
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:05:26.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xvvm-8mcm-9cq3"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zephyr",
"vendor": "zephyrproject",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1901",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T15:11:58.244687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-672",
"description": "CWE-672 Operation on a Resource after Expiration or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T15:19:24.502Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T04:37:33.126Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xvvm-8mcm-9cq3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCI send_sync Dangling Semaphore Reference Re-use",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-1901",
"datePublished": "2023-07-10T04:37:33.126Z",
"dateReserved": "2023-04-05T22:11:42.140Z",
"dateUpdated": "2024-11-07T15:19:24.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10063 (GCVE-0-2020-10063)
Vulnerability from cvelistv5
Published
2020-06-05 17:37
Modified
2024-09-17 04:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-190 - Integer Overflow or Wraparound
Summary
A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 2.2.0 < unspecified Version: 2.1.0 < unspecified Version: 1.14.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-55"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10063"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24435"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24531"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24535"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24530"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.2.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:37",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-55"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10063"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24435"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24531"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24535"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24530"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-55"
],
"discovery": "EXTERNAL"
},
"title": "Remote Denial of Service in CoAP Option Parsing Due To Integer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-25T00:00:00.000Z",
"ID": "CVE-2020-10063",
"STATE": "PUBLIC",
"TITLE": "Remote Denial of Service in CoAP Option Parsing Due To Integer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "2.2.0"
},
{
"version_affected": "\u003e=",
"version_value": "2.1.0"
},
{
"version_affected": "\u003e=",
"version_value": "1.14.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-55",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-55"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10063",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10063"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24435",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24435"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24531",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24531"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24535",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24535"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24530",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24530"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-55"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10063",
"datePublished": "2020-06-05T17:37:37.314752Z",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-09-17T04:03:51.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6443 (GCVE-0-2024-6443)
Vulnerability from cvelistv5
Published
2024-10-04 05:56
Modified
2024-10-04 13:50
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "zephyr",
"vendor": "zephyrproject",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6443",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T13:49:49.688130Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T13:50:42.760Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "zephyr: out-of-bound read in utf8_trunc"
}
],
"value": "In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T05:56:30.135Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gg46-3rh2-v765"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "zephyr: out-of-bound read in utf8_trunc",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2024-6443",
"datePublished": "2024-10-04T05:56:30.135Z",
"dateReserved": "2024-07-02T06:00:55.818Z",
"dateUpdated": "2024-10-04T13:50:42.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10019 (GCVE-0-2020-10019)
Vulnerability from cvelistv5
Published
2020-05-11 22:26
Modified
2024-09-17 02:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Overflow
Summary
USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. This could be used by a malicious USB host to exploit the buffer overflow. See NCC-ZEP-002 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 1.14.1 < unspecified Version: 2.1.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-25"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23190"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23457"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23460"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.1",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. This could be used by a malicious USB host to exploit the buffer overflow. See NCC-ZEP-002 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:36",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-25"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23190"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23457"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23460"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10019"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-25"
],
"discovery": "EXTERNAL"
},
"title": "Buffer Overflow in USB DFU requested length",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10019",
"STATE": "PUBLIC",
"TITLE": "Buffer Overflow in USB DFU requested length"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.14.1"
},
{
"version_affected": "\u003e=",
"version_value": "2.1.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. This could be used by a malicious USB host to exploit the buffer overflow. See NCC-ZEP-002 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-25",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-25"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23190",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23190"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23457",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23457"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23460",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23460"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10019",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10019"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-25"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10019",
"datePublished": "2020-05-11T22:26:11.452886Z",
"dateReserved": "2020-03-03T00:00:00",
"dateUpdated": "2024-09-17T02:12:14.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10059 (GCVE-0-2020-10059)
Vulnerability from cvelistv5
Published
2020-05-11 22:26
Modified
2024-09-17 02:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-295 - Improper Certificate Validation
Summary
The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 2.1.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24954"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24999"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24997"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:37",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24954"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24999"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24997"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36"
],
"discovery": "EXTERNAL"
},
"title": "UpdateHub Module Explicitly Disables TLS Verification",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10059",
"STATE": "PUBLIC",
"TITLE": "UpdateHub Module Explicitly Disables TLS Verification"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "2.1.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24954",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24954"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24999",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24999"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24997",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24997"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10059",
"datePublished": "2020-05-11T22:26:16.442001Z",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-09-17T02:07:14.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0397 (GCVE-0-2023-0397)
Vulnerability from cvelistv5
Published
2023-01-19 00:00
Modified
2025-04-03 17:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions ()
Summary
A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:10:55.717Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wc2h-h868-q7hj"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0397",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T15:49:30.912838Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T17:03:20.150Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "v3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-01-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "Improper Check or Handling of Exceptional Conditions (CWE-703)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-19T00:00:00.000Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wc2h-h868-q7hj"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wc2h-h868-q7hj"
]
},
"title": "DoS: Invalid Initialization in le_read_buffer_size_complete"
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-0397",
"datePublished": "2023-01-19T00:00:00.000Z",
"dateReserved": "2023-01-19T00:00:00.000Z",
"dateUpdated": "2025-04-03T17:03:20.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10028 (GCVE-0-2020-10028)
Vulnerability from cvelistv5
Published
2020-05-11 22:26
Modified
2024-09-16 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 1.14.0 < unspecified Version: 2.1.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-32"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23308"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23733"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23737"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:36",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-32"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23308"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23733"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23737"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10028"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-32"
],
"discovery": "EXTERNAL"
},
"title": "Multiple Syscalls In GPIO Subsystem Performs No Argument Validation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10028",
"STATE": "PUBLIC",
"TITLE": "Multiple Syscalls In GPIO Subsystem Performs No Argument Validation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.14.0"
},
{
"version_affected": "\u003e=",
"version_value": "2.1.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-32",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-32"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23308",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23308"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23733",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23733"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23737",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23737"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10028",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10028"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-32"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10028",
"datePublished": "2020-05-11T22:26:15.474877Z",
"dateReserved": "2020-03-03T00:00:00",
"dateUpdated": "2024-09-16T17:09:14.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6444 (GCVE-0-2024-6444)
Vulnerability from cvelistv5
Published
2024-10-04 06:14
Modified
2024-10-04 13:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "zephyr",
"vendor": "zephyrproject",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6444",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T13:48:21.272000Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T13:49:14.058Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Bluetooth: ots: missing buffer length check"
}
],
"value": "No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T06:14:26.348Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-qj4r-chj6-h7qp"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Bluetooth: ots: missing buffer length check",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2024-6444",
"datePublished": "2024-10-04T06:14:26.348Z",
"dateReserved": "2024-07-02T06:07:28.811Z",
"dateUpdated": "2024-10-04T13:49:14.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4785 (GCVE-0-2024-4785)
Vulnerability from cvelistv5
Published
2024-08-19 22:10
Modified
2024-08-22 14:28
Severity ?
VLAI Severity ?
EPSS score ?
Summary
BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4785",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T14:27:50.440384Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T14:28:01.854Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero"
}
],
"value": "BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "Divide By Zero",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T22:10:05.249Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xcr5-5g98-mchp"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2024-4785",
"datePublished": "2024-08-19T22:10:05.249Z",
"dateReserved": "2024-05-10T19:03:31.098Z",
"dateUpdated": "2024-08-22T14:28:01.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6442 (GCVE-0-2024-6442)
Vulnerability from cvelistv5
Published
2024-10-04 05:36
Modified
2024-10-04 13:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "zephyr",
"vendor": "zephyrproject",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6442",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T13:51:06.391128Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T13:52:10.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Bluetooth: ASCS Unchecked tailroom of the response buffer"
}
],
"value": "In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T05:36:10.488Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-m22j-ccg7-4v4h"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Bluetooth: ASCS Unchecked tailroom of the response buffer",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2024-6442",
"datePublished": "2024-10-04T05:36:10.488Z",
"dateReserved": "2024-07-02T05:35:41.910Z",
"dateUpdated": "2024-10-04T13:52:10.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3433 (GCVE-0-2021-3433)
Vulnerability from cvelistv5
Published
2022-06-28 19:45
Modified
2024-09-16 18:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions ()
Summary
Invalid channel map in CONNECT_IND results to Deadlock. Zephyr versions >= v2.5.0 Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v2.5.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.846Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Invalid channel map in CONNECT_IND results to Deadlock. Zephyr versions \u003e= v2.5.0 Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "Improper Check or Handling of Exceptional Conditions (CWE-703)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T19:45:34",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp"
]
},
"title": "BT: Invalid channel map in CONNECT_IND results to Deadlock",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-06-21T00:00:00.000Z",
"ID": "CVE-2021-3433",
"STATE": "PUBLIC",
"TITLE": "BT: Invalid channel map in CONNECT_IND results to Deadlock"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v2.5.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Invalid channel map in CONNECT_IND results to Deadlock. Zephyr versions \u003e= v2.5.0 Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MODERATE",
"confidentialityImpact": "NONE",
"environmentalScore": 4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Check or Handling of Exceptional Conditions (CWE-703)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3433",
"datePublished": "2022-06-28T19:45:34.282461Z",
"dateReserved": "2021-03-11T00:00:00",
"dateUpdated": "2024-09-16T18:28:43.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3454 (GCVE-0-2021-3454)
Vulnerability from cvelistv5
Published
2021-10-19 22:50
Modified
2024-09-17 00:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Truncated L2CAP K-frame causes assertion failure. Zephyr versions >= 2.4.0, >= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 2.4.0 < unspecified Version: v.2.50 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.4.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "v.2.50",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-05-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Truncated L2CAP K-frame causes assertion failure. Zephyr versions \u003e= 2.4.0, \u003e= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-130",
"description": "Improper Handling of Length Parameter Inconsistency (CWE-130)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "Reachable Assertion (CWE-617)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-19T22:50:08",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3"
]
},
"title": "Truncated L2CAP K-frame causes assertion failure",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-05-24T00:00:00.000Z",
"ID": "CVE-2021-3454",
"STATE": "PUBLIC",
"TITLE": "Truncated L2CAP K-frame causes assertion failure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "2.4.0"
},
{
"version_affected": "\u003e=",
"version_value": "v.2.50"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Truncated L2CAP K-frame causes assertion failure. Zephyr versions \u003e= 2.4.0, \u003e= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 4.3,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Handling of Length Parameter Inconsistency (CWE-130)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Reachable Assertion (CWE-617)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3454",
"datePublished": "2021-10-19T22:50:09.038849Z",
"dateReserved": "2021-03-19T00:00:00",
"dateUpdated": "2024-09-17T00:01:39.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10065 (GCVE-0-2020-10065)
Vulnerability from cvelistv5
Published
2021-05-24 21:40
Modified
2024-09-16 22:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-130 - Improper Handling of Length Parameter Inconsistency ()
Summary
Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v1.14.2 < unspecified Version: v2.2.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v1.14.2",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.2.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions \u003e= v1.14.2, \u003e= v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-130",
"description": "Improper Handling of Length Parameter Inconsistency (CWE-130)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T21:40:23",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c"
]
},
"title": "Missing Size Checks in Bluetooth HCI over SPI",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-06-29T00:00:00.000Z",
"ID": "CVE-2020-10065",
"STATE": "PUBLIC",
"TITLE": "Missing Size Checks in Bluetooth HCI over SPI"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v1.14.2"
},
{
"version_affected": "\u003e=",
"version_value": "v2.2.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions \u003e= v1.14.2, \u003e= v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"environmentalScore": 3.8,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Handling of Length Parameter Inconsistency (CWE-130)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10065",
"datePublished": "2021-05-24T21:40:24.079319Z",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-09-16T22:09:54.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10023 (GCVE-0-2020-10023)
Vulnerability from cvelistv5
Published
2020-05-11 22:26
Modified
2024-09-16 18:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Overflow
Summary
The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 1.14.0 < unspecified Version: 2.1.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.782Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-29"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23304"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23646"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23649"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10023"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:36",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-29"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23304"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23646"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23649"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10023"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-29"
],
"discovery": "EXTERNAL"
},
"title": "Shell Subsystem Contains a Buffer Overflow Vulnerability In shell_spaces_trim",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10023",
"STATE": "PUBLIC",
"TITLE": "Shell Subsystem Contains a Buffer Overflow Vulnerability In shell_spaces_trim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.14.0"
},
{
"version_affected": "\u003e=",
"version_value": "2.1.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-29",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-29"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23304",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23304"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23646",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23646"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23649",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23649"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10023",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10023"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-29"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10023",
"datePublished": "2020-05-11T22:26:13.032987Z",
"dateReserved": "2020-03-03T00:00:00",
"dateUpdated": "2024-09-16T18:03:31.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0779 (GCVE-0-2023-0779)
Vulnerability from cvelistv5
Published
2023-05-30 00:00
Modified
2025-02-13 16:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Valiation ()
Summary
At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: unspecified < v3.3 Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-9xj8-6989-r549"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0779",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T20:34:43.160113Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T20:35:53.652Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "v3.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "v2.7.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-05-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device\u2019s memory layout, further exploitation is possible."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Valiation (CWE-20)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T21:00:13.800Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-9xj8-6989-r549"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-9xj8-6989-r549"
]
},
"title": "net: shell: Improper input validation"
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-0779",
"datePublished": "2023-05-30T00:00:00.000Z",
"dateReserved": "2023-02-10T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:39:07.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1638 (GCVE-0-2024-1638)
Vulnerability from cvelistv5
Published
2024-02-19 21:19
Modified
2025-04-24 15:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GATT_PERM_WRITE_LESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. If set, requires that LE Secure Connections is used for read/write access, however this is only true when it is combined with other permissions, namely BT_GATT_PERM_READ_ENCRYPT/BT_GATT_PERM_READ_AUTHEN (for read) or BT_GATT_PERM_WRITE_ENCRYPT/BT_GATT_PERM_WRITE_AUTHEN (for write), if these additional permissions are not set (even in secure connections only mode) then the stack does not perform any permission checks on these characteristics and they can be freely written/read.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zephyrproject-rtos:zephyr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.5",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1638",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-20T16:13:08.734071Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-24T15:07:49.502Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:48:21.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p6f3-f63q-5mc2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.5",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GATT_PERM_WRITE_LESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. If set, requires that LE Secure Connections is used for read/write access, however this is only true when it is combined with other permissions, namely BT_GATT_PERM_READ_ENCRYPT/BT_GATT_PERM_READ_AUTHEN (for read) or BT_GATT_PERM_WRITE_ENCRYPT/BT_GATT_PERM_WRITE_AUTHEN (for write), if these additional permissions are not set (even in secure connections only mode) then the stack does not perform any permission checks on these characteristics and they can be freely written/read."
}
],
"value": "The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GATT_PERM_WRITE_LESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. If set, requires that LE Secure Connections is used for read/write access, however this is only true when it is combined with other permissions, namely BT_GATT_PERM_READ_ENCRYPT/BT_GATT_PERM_READ_AUTHEN (for read) or BT_GATT_PERM_WRITE_ENCRYPT/BT_GATT_PERM_WRITE_AUTHEN (for write), if these additional permissions are not set (even in secure connections only mode) then the stack does not perform any permission checks on these characteristics and they can be freely written/read."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-19T21:19:51.915Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p6f3-f63q-5mc2"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Bluetooth characteristic LESC security requirement not enforced without additional flags",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2024-1638",
"datePublished": "2024-02-19T21:19:51.915Z",
"dateReserved": "2024-02-19T19:52:31.489Z",
"dateUpdated": "2025-04-24T15:07:49.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3435 (GCVE-0-2021-3435)
Vulnerability from cvelistv5
Published
2022-06-28 19:45
Modified
2024-09-16 17:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-908 - Use of Uninitialized Resource ()
Summary
Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v2.4.0 < unspecified Version: v2.5.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.4.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Information leakage in le_ecred_conn_req(). Zephyr versions \u003e= v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "Use of Uninitialized Resource (CWE-908)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T19:45:44",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh"
]
},
"title": "L2CAP: Information leakage in le_ecred_conn_req()",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-06-21T00:00:00.000Z",
"ID": "CVE-2021-3435",
"STATE": "PUBLIC",
"TITLE": "L2CAP: Information leakage in le_ecred_conn_req()"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v2.4.0"
},
{
"version_affected": "\u003e=",
"version_value": "v2.5.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information leakage in le_ecred_conn_req(). Zephyr versions \u003e= v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MODERATE",
"confidentialityImpact": "LOW",
"environmentalScore": 4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Uninitialized Resource (CWE-908)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3435",
"datePublished": "2022-06-28T19:45:44.593076Z",
"dateReserved": "2021-03-11T00:00:00",
"dateUpdated": "2024-09-16T17:48:21.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10071 (GCVE-0-2020-10071)
Vulnerability from cvelistv5
Published
2020-06-05 17:37
Modified
2024-09-17 04:19
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 2.2.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-86"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10071"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/989c4713ba429aa5105fe476b4d629718f3e6082"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.2.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129 Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:37",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-86"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10071"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/989c4713ba429aa5105fe476b4d629718f3e6082"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-86"
],
"discovery": "EXTERNAL"
},
"title": "Insufficient publish message length validation in MQTT",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-25T00:00:00.000Z",
"ID": "CVE-2020-10071",
"STATE": "PUBLIC",
"TITLE": "Insufficient publish message length validation in MQTT"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "2.2.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-129 Improper Validation of Array Index"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment",
"refsource": "MISC",
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
},
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-86",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-86"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10071",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10071"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/989c4713ba429aa5105fe476b4d629718f3e6082",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/989c4713ba429aa5105fe476b4d629718f3e6082"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-86"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10071",
"datePublished": "2020-06-05T17:37:37.515923Z",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-09-17T04:19:36.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2741 (GCVE-0-2022-2741)
Vulnerability from cvelistv5
Published
2022-10-31 17:45
Modified
2025-05-05 14:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption ()
Summary
The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. The frame must have a CAN ID matching an installed filter in the vulnerable node (this can easily be guessed based on CAN traffic analyses). The frame must contain the opposite RTR bit as what the filter installed in the vulnerable node contains (if the filter matches RTR frames, the frame must be a data frame or vice versa).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:04.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx5v-j59q-c3j8"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2741",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-05T14:05:55.970352Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T14:06:07.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "v3.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-10-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. The frame must have a CAN ID matching an installed filter in the vulnerable node (this can easily be guessed based on CAN traffic analyses). The frame must contain the opposite RTR bit as what the filter installed in the vulnerable node contains (if the filter matches RTR frames, the frame must be a data frame or vice versa)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Uncontrolled Resource Consumption (CWE-400)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-31T00:00:00.000Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx5v-j59q-c3j8"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx5v-j59q-c3j8"
]
},
"title": "can: denial-of-service can be triggered by a crafted CAN frame"
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2022-2741",
"datePublished": "2022-10-31T17:45:09.741Z",
"dateReserved": "2022-08-09T00:00:00.000Z",
"dateUpdated": "2025-05-05T14:06:07.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5779 (GCVE-0-2023-5779)
Vulnerability from cvelistv5
Published
2024-02-18 07:46
Modified
2024-08-28 16:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
can: out of bounds in remove_rx_filter function
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7cmj-963q-jj47"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5779",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T16:31:26.269331Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T16:31:48.264Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.5",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "can: out of bounds in remove_rx_filter function"
}
],
"value": "can: out of bounds in remove_rx_filter function"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-18T07:46:41.927Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7cmj-963q-jj47"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "can: out of bounds in remove_rx_filter function",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-5779",
"datePublished": "2024-02-18T07:46:41.927Z",
"dateReserved": "2023-10-26T04:08:11.579Z",
"dateUpdated": "2024-08-28T16:31:48.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1674 (GCVE-0-2025-1674)
Vulnerability from cvelistv5
Published
2025-02-25 07:18
Modified
2025-02-28 17:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read
Summary
A lack of input validation allows for out of bounds reads caused by malicious or malformed packets.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1674",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T17:04:08.864147Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T17:04:15.741Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out of bounds read when unpacking DNS answers"
}
],
"value": "A lack of input validation allows for out of bounds reads caused by malicious or malformed packets."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T07:18:52.323Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-x975-8pgf-qh66"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out of bounds read when unpacking DNS answers",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2025-1674",
"datePublished": "2025-02-25T07:18:52.323Z",
"dateReserved": "2025-02-25T06:02:12.173Z",
"dateUpdated": "2025-02-28T17:04:15.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5139 (GCVE-0-2023-5139)
Vulnerability from cvelistv5
Published
2023-10-26 04:40
Modified
2025-02-13 17:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:07.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rhrc-pcxp-4453"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5139",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T17:51:55.655509Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T18:08:31.949Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "3.5",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver"
}
],
"value": "Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T03:06:25.014Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rhrc-pcxp-4453"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential buffer overflow vulnerability in the Zephyr STM32 Crypto driver",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-5139",
"datePublished": "2023-10-26T04:40:36.930Z",
"dateReserved": "2023-09-22T23:08:46.735Z",
"dateUpdated": "2025-02-13T17:19:43.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5931 (GCVE-0-2024-5931)
Vulnerability from cvelistv5
Published
2024-09-13 19:41
Modified
2024-09-16 14:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
BT: Unchecked user input in bap_broadcast_assistant
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zephyrproject-rtos:zephyr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5931",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T14:46:48.955985Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T14:46:53.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BT: Unchecked user input in bap_broadcast_assistant"
}
],
"value": "BT: Unchecked user input in bap_broadcast_assistant"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T19:41:57.713Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-r8h3-64gp-wv7f"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "BT: Unchecked user input in bap_broadcast_assistant",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2024-5931",
"datePublished": "2024-09-13T19:41:57.713Z",
"dateReserved": "2024-06-12T19:58:33.952Z",
"dateUpdated": "2024-09-16T14:46:53.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3077 (GCVE-0-2024-3077)
Vulnerability from cvelistv5
Published
2024-03-29 05:06
Modified
2024-08-01 19:32
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An malicious BLE device can crash BLE victim device by sending malformed gatt packet
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3077",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-01T18:40:47.514480Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:31:38.524Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gmfv-4vfh-2mh8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An malicious BLE device can crash BLE victim device by sending malformed gatt packet"
}
],
"value": "An malicious BLE device can crash BLE victim device by sending malformed gatt packet"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126: Buffer Ovead",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-29T05:06:18.378Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gmfv-4vfh-2mh8"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Bluetooth: integer underflow in gatt_find_info_rsp",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2024-3077",
"datePublished": "2024-03-29T05:06:18.378Z",
"dateReserved": "2024-03-29T04:45:26.918Z",
"dateUpdated": "2024-08-01T19:32:42.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6135 (GCVE-0-2024-6135)
Vulnerability from cvelistv5
Published
2024-09-13 19:51
Modified
2024-09-16 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
BT:Classic: Multiple missing buf length checks
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zephyrproject-rtos:zephyr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6135",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T14:46:59.029413Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T14:47:03.957Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BT:Classic: Multiple missing buf length checks"
}
],
"value": "BT:Classic: Multiple missing buf length checks"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T19:51:31.811Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xcr5-5g98-mchp"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "BT:Classic: Multiple missing buf length checks",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2024-6135",
"datePublished": "2024-09-13T19:51:31.811Z",
"dateReserved": "2024-06-18T18:33:19.984Z",
"dateUpdated": "2024-09-16T14:47:03.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0553 (GCVE-0-2022-0553)
Vulnerability from cvelistv5
Published
2023-01-11 00:00
Modified
2025-04-09 13:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor ()
Summary
There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wrj2-9vj9-rrcp"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-0553",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T13:52:48.467028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T13:52:59.802Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "v3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-11T00:00:00.000Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wrj2-9vj9-rrcp"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wrj2-9vj9-rrcp"
]
},
"title": "Possible to retrieve uncrypted firmware image"
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2022-0553",
"datePublished": "2023-01-11T00:00:00.000Z",
"dateReserved": "2022-02-09T00:00:00.000Z",
"dateUpdated": "2025-04-09T13:52:59.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5055 (GCVE-0-2023-5055)
Vulnerability from cvelistv5
Published
2023-11-21 18:05
Modified
2024-08-02 07:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Summary
Possible variant of CVE-2021-3434 in function le_ecred_reconf_req.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.707Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wr8r-7f8x-24jj"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.4",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Possible variant of CVE-2021-3434 in function le_ecred_reconf_req."
}
],
"value": "Possible variant of CVE-2021-3434 in function le_ecred_reconf_req."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": " CWE-121 Stack-based Buffer Overflow A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-21T18:05:10.824Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wr8r-7f8x-24jj"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "L2CAP: Possible Stack based buffer overflow in le_ecred_reconf_req()",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-5055",
"datePublished": "2023-11-21T18:05:10.824Z",
"dateReserved": "2023-09-18T17:48:08.803Z",
"dateUpdated": "2024-08-02T07:44:53.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3806 (GCVE-0-2022-3806)
Vulnerability from cvelistv5
Published
2023-01-19 00:00
Modified
2025-04-03 19:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-415 - Double Free ()
Summary
Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:58.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w525-fm68-ppq3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-3806",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T15:52:30.562615Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T19:54:53.538Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "v3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-01-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer."
}
],
"metrics": [
{
"other": {
"content": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.8"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "Double Free (CWE-415)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-19T00:00:00.000Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w525-fm68-ppq3"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w525-fm68-ppq3"
]
},
"title": "Bluetooth HCI Error Handling Double Free"
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2022-3806",
"datePublished": "2023-01-19T00:00:00.000Z",
"dateReserved": "2022-11-01T00:00:00.000Z",
"dateUpdated": "2025-04-03T19:54:53.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8798 (GCVE-0-2024-8798)
Vulnerability from cvelistv5
Published
2024-12-15 23:23
Modified
2024-12-16 19:05
Severity ?
VLAI Severity ?
EPSS score ?
Summary
No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8798",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-16T19:05:01.701752Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T19:05:17.248Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.7",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Bluetooth: classic: avdtp: missing buffer length check"
}
],
"value": "No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-15T23:23:31.173Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-r7pm-f93f-f7fp"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Bluetooth: classic: avdtp: missing buffer length check",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2024-8798",
"datePublished": "2024-12-15T23:23:31.173Z",
"dateReserved": "2024-09-13T17:10:16.175Z",
"dateUpdated": "2024-12-16T19:05:17.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0396 (GCVE-0-2023-0396)
Vulnerability from cvelistv5
Published
2023-01-19 00:00
Modified
2025-04-03 19:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-126 - Buffer Over-read ()
Summary
A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:10:55.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8rpp-6vxq-pqg3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-0396",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T15:50:24.499488Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T19:58:53.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "v3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-01-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses."
}
],
"metrics": [
{
"other": {
"content": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseSeverity": "MODERATE",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.8"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "Buffer Over-read (CWE-126)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-19T00:00:00.000Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8rpp-6vxq-pqg3"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8rpp-6vxq-pqg3"
]
},
"title": "Buffer Overreads in Bluetooth HCI"
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-0396",
"datePublished": "2023-01-19T00:00:00.000Z",
"dateReserved": "2023-01-19T00:00:00.000Z",
"dateUpdated": "2025-04-03T19:58:53.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10062 (GCVE-0-2020-10062)
Vulnerability from cvelistv5
Published
2020-06-05 17:37
Modified
2024-09-17 00:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-193 - Off-by-one Error
Summary
An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 2.2.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-84"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10062"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/11b7a37d9a0b438270421b224221d91929843de4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.2.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193 Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:37",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-84"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10062"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/11b7a37d9a0b438270421b224221d91929843de4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-84"
],
"discovery": "EXTERNAL"
},
"title": "Packet length decoding error in MQTT",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-25T00:00:00.000Z",
"ID": "CVE-2020-10062",
"STATE": "PUBLIC",
"TITLE": "Packet length decoding error in MQTT"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "2.2.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-193 Off-by-one Error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-84",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-84"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10062",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10062"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/11b7a37d9a0b438270421b224221d91929843de4",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/11b7a37d9a0b438270421b224221d91929843de4"
},
{
"name": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment",
"refsource": "MISC",
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-84"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10062",
"datePublished": "2020-06-05T17:37:37.262287Z",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-09-17T00:51:36.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10024 (GCVE-0-2020-10024)
Vulnerability from cvelistv5
Published
2020-05-11 22:26
Modified
2024-09-17 01:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-697 - Incorrect Comparison
Summary
The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 1.14.0 < unspecified Version: 2.1.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23323"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23535"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23498"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-697",
"description": "CWE-697 Incorrect Comparison",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:36",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23323"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23535"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23498"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30"
],
"discovery": "EXTERNAL"
},
"title": "ARM Platform Uses Signed Integer Comparison When Validating Syscall Numbers",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10024",
"STATE": "PUBLIC",
"TITLE": "ARM Platform Uses Signed Integer Comparison When Validating Syscall Numbers"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.14.0"
},
{
"version_affected": "\u003e=",
"version_value": "2.1.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-697 Incorrect Comparison"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23323",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23323"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23535",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23535"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23498",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23498"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10024",
"datePublished": "2020-05-11T22:26:13.572574Z",
"dateReserved": "2020-03-03T00:00:00",
"dateUpdated": "2024-09-17T01:56:05.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3321 (GCVE-0-2021-3321)
Vulnerability from cvelistv5
Published
2021-10-12 21:50
Modified
2024-09-16 22:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-680 - Integer Overflow to Buffer Overflow ()
Summary
Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= >=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: >=2.4.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "\u003e=2.4.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions \u003e= \u003e=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "Integer Overflow to Buffer Overflow (CWE-680)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T21:50:13",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99"
]
},
"title": "Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-04-14T00:00:00.000Z",
"ID": "CVE-2021-3321",
"STATE": "PUBLIC",
"TITLE": "Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "\u003e=2.4.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions \u003e= \u003e=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 7.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 7.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer Overflow to Buffer Overflow (CWE-680)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3321",
"datePublished": "2021-10-12T21:50:13.151605Z",
"dateReserved": "2021-01-27T00:00:00",
"dateUpdated": "2024-09-16T22:51:00.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4424 (GCVE-0-2023-4424)
Vulnerability from cvelistv5
Published
2023-11-21 06:42
Modified
2024-08-02 07:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-190 - Integer Overflow or Wraparound
Summary
An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j4qm-xgpf-qjw3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "3.5",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device."
}
],
"value": "An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-21T06:42:45.491Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j4qm-xgpf-qjw3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "bt: hci: DoS and possible RCE",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-4424",
"datePublished": "2023-11-21T06:42:45.491Z",
"dateReserved": "2023-08-18T19:16:36.198Z",
"dateUpdated": "2024-08-02T07:24:04.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4265 (GCVE-0-2023-4265)
Vulnerability from cvelistv5
Published
2023-08-12 22:09
Modified
2025-02-13 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
Potential buffer overflow vulnerabilities in the following locations:
https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359
https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis... https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis.c#L841
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:03.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-4vgv-5r6q-r6xh"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "raptor@0xdeadbeef.info"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Potential buffer overflow vulnerabilities in the following locations:\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359\"\u003ehttps://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis.c#L841\"\u003ehttps://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis...\u003c/a\u003e"
}
],
"value": "Potential buffer overflow vulnerabilities in the following locations:\n https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 \n https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis... https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis.c#L841"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T03:06:23.328Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-4vgv-5r6q-r6xh"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Buffer overflow in Zephyr USB",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-4265",
"datePublished": "2023-08-12T22:09:20.701Z",
"dateReserved": "2023-08-08T21:13:17.402Z",
"dateUpdated": "2025-02-13T17:09:30.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10072 (GCVE-0-2020-10072)
Vulnerability from cvelistv5
Published
2021-05-24 21:40
Modified
2024-09-17 04:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-280 - Improper Handling of Insufficient Permissions or Privileges ()
Summary
Improper Handling of Insufficient Permissions or Privileges in zephyr. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Insufficient Permissions or Privileges (CWE-280). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v1.14.2 < unspecified Version: v2.2.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v1.14.2",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.2.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Handling of Insufficient Permissions or Privileges in zephyr. Zephyr versions \u003e= v1.14.2, \u003e= v2.2.0 contain Improper Handling of Insufficient Permissions or Privileges (CWE-280). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-280",
"description": "Improper Handling of Insufficient Permissions or Privileges (CWE-280)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T21:40:26",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc"
]
},
"title": "Improper Handling of Insufficient Permissions or Privileges in zephyr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-08-28T00:00:00.000Z",
"ID": "CVE-2020-10072",
"STATE": "PUBLIC",
"TITLE": "Improper Handling of Insufficient Permissions or Privileges in zephyr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v1.14.2"
},
{
"version_affected": "\u003e=",
"version_value": "v2.2.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Handling of Insufficient Permissions or Privileges in zephyr. Zephyr versions \u003e= v1.14.2, \u003e= v2.2.0 contain Improper Handling of Insufficient Permissions or Privileges (CWE-280). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.9,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.9,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Handling of Insufficient Permissions or Privileges (CWE-280)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10072",
"datePublished": "2021-05-24T21:40:26.107162Z",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-09-17T04:15:01.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10061 (GCVE-0-2020-10061)
Vulnerability from cvelistv5
Published
2020-06-05 17:37
Modified
2024-09-16 22:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Summary
Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 2.2.0 < unspecified Version: 1.14.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-75"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10061"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23516"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23517"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23547"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23091"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.2.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "PhD - Garbelini Matheus Eduardo"
}
],
"datePublic": "2020-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:37",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-75"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10061"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23516"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23517"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23547"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23091"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-75"
],
"discovery": "EXTERNAL"
},
"title": "Error handling invalid packet sequence",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-14T00:00:00.000Z",
"ID": "CVE-2020-10061",
"STATE": "PUBLIC",
"TITLE": "Error handling invalid packet sequence"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "2.2.0"
},
{
"version_affected": "\u003e=",
"version_value": "1.14.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "PhD - Garbelini Matheus Eduardo"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-75",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-75"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10061",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10061"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23516",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23516"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23517",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23517"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23547",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23547"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23091",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23091"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-75"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10061",
"datePublished": "2020-06-05T17:37:37.217822Z",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-09-16T22:52:07.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14199 (GCVE-0-2017-14199)
Vulnerability from cvelistv5
Published
2019-04-12 16:20
Modified
2024-08-05 19:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer Overflow
Summary
A buffer overflow has been found in the Zephyr Project's getaddrinfo() implementation in 1.9.0 and 1.10.0.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zephyr | getaddrinfo |
Version: 1.9.0 Version: 1.10.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:41.285Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/6158"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "getaddrinfo",
"vendor": "Zephyr",
"versions": [
{
"status": "affected",
"version": "1.9.0"
},
{
"status": "affected",
"version": "1.10.0"
}
]
}
],
"datePublic": "2018-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow has been found in the Zephyr Project\u0027s getaddrinfo() implementation in 1.9.0 and 1.10.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-12T16:20:02",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/6158"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"ID": "CVE-2017-14199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "getaddrinfo",
"version": {
"version_data": [
{
"version_value": "1.9.0"
},
{
"version_value": "1.10.0"
}
]
}
}
]
},
"vendor_name": "Zephyr"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow has been found in the Zephyr Project\u0027s getaddrinfo() implementation in 1.9.0 and 1.10.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-12",
"refsource": "CONFIRM",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-12"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/6158",
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/6158"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2017-14199",
"datePublished": "2019-04-12T16:20:02",
"dateReserved": "2017-09-07T00:00:00",
"dateUpdated": "2024-08-05T19:20:41.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1675 (GCVE-0-2025-1675)
Vulnerability from cvelistv5
Published
2025-02-25 07:22
Modified
2025-02-28 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read
Summary
The function dns_copy_qname in dns_pack.c performs performs a memcpy operation with an untrusted field and does not check if the source buffer is large enough to contain the copied data.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T17:02:22.955639Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T17:02:37.541Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out of bounds read in dns_copy_qname"
}
],
"value": "The function dns_copy_qname in dns_pack.c performs performs a memcpy operation with an untrusted field and does not check if the source buffer is large enough to contain the copied data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T07:22:35.703Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-2m84-5hfw-m8v4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out of bounds read in dns_copy_qname",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2025-1675",
"datePublished": "2025-02-25T07:22:35.703Z",
"dateReserved": "2025-02-25T06:02:31.547Z",
"dateUpdated": "2025-02-28T17:02:37.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13600 (GCVE-0-2020-13600)
Vulnerability from cvelistv5
Published
2021-05-24 21:40
Modified
2024-09-16 16:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow ()
Summary
Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr versions >= 1.14.2, >= 2.3.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 1.14.2 < unspecified Version: 2.3.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.2",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr versions \u003e= 1.14.2, \u003e= 2.3.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T21:40:27",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr"
]
},
"title": "Malformed SPI in response for eswifi can corrupt kernel memory",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-10-07T00:00:00.000Z",
"ID": "CVE-2020-13600",
"STATE": "PUBLIC",
"TITLE": "Malformed SPI in response for eswifi can corrupt kernel memory"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.14.2"
},
{
"version_affected": "\u003e=",
"version_value": "2.3.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr versions \u003e= 1.14.2, \u003e= 2.3.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.1,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 7,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-13600",
"datePublished": "2021-05-24T21:40:28.051050Z",
"dateReserved": "2020-05-26T00:00:00",
"dateUpdated": "2024-09-16T16:12:39.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5753 (GCVE-0-2023-5753)
Vulnerability from cvelistv5
Published
2023-10-24 16:09
Modified
2025-02-13 17:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hmpr-px56-rvww"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "3.5",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePotential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T03:06:29.862Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hmpr-px56-rvww"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-5753",
"datePublished": "2023-10-24T16:09:03.896Z",
"dateReserved": "2023-10-24T15:56:11.178Z",
"dateUpdated": "2025-02-13T17:25:50.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13598 (GCVE-0-2020-13598)
Vulnerability from cvelistv5
Published
2021-05-24 21:40
Modified
2024-09-17 03:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow ()
Summary
FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions >= v1.14.2, >= v2.3.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v1.14.2 < unspecified Version: v2.3.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v1.14.2",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions \u003e= v1.14.2, \u003e= v2.3.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow (CWE-121)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T21:40:26",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h"
]
},
"title": "FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-09-04T00:00:00.000Z",
"ID": "CVE-2020-13598",
"STATE": "PUBLIC",
"TITLE": "FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v1.14.2"
},
{
"version_affected": "\u003e=",
"version_value": "v2.3.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions \u003e= v1.14.2, \u003e= v2.3.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 6.3,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"temporalScore": 6.3,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow (CWE-121)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-13598",
"datePublished": "2021-05-24T21:40:26.773048Z",
"dateReserved": "2020-05-26T00:00:00",
"dateUpdated": "2024-09-17T03:28:53.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3455 (GCVE-0-2021-3455)
Vulnerability from cvelistv5
Published
2021-10-19 22:25
Modified
2024-09-16 18:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free ()
Summary
Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions >= 2.4.0, >= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 2.4.0 < unspecified Version: 2.5.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.4.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions \u003e= 2.4.0, \u003e= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free (CWE-416)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-19T22:25:09",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp"
]
},
"title": "Disconnecting L2CAP channel right after invalid ATT request leads freeze",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-06-19T00:00:00.000Z",
"ID": "CVE-2021-3455",
"STATE": "PUBLIC",
"TITLE": "Disconnecting L2CAP channel right after invalid ATT request leads freeze"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "2.4.0"
},
{
"version_affected": "\u003e=",
"version_value": "2.5.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions \u003e= 2.4.0, \u003e= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 4.3,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free (CWE-416)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3455",
"datePublished": "2021-10-19T22:25:09.479971Z",
"dateReserved": "2021-03-19T00:00:00",
"dateUpdated": "2024-09-16T18:38:53.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10058 (GCVE-0-2020-10058)
Vulnerability from cvelistv5
Published
2020-05-11 22:26
Modified
2024-09-17 01:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 2.1.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23308"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-34"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23748"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10058"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:37",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23308"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-34"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23748"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10058"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-34"
],
"discovery": "EXTERNAL"
},
"title": "Multiple Syscalls In kscan Subsystem Performs No Argument Validation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10058",
"STATE": "PUBLIC",
"TITLE": "Multiple Syscalls In kscan Subsystem Performs No Argument Validation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "2.1.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23308",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23308"
},
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-34",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-34"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23748",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23748"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10058",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10058"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-34"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10058",
"datePublished": "2020-05-11T22:26:15.962695Z",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-09-17T01:36:46.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3725 (GCVE-0-2023-3725)
Vulnerability from cvelistv5
Published
2023-10-06 20:10
Modified
2025-02-13 16:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CWE-121 - Stack-based Buffer Overflow A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Summary
Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-2g3m-p6c7-8rr3"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3725",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-03T14:51:14.039341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T14:51:58.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.4",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem"
}
],
"value": "Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T03:06:16.490Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-2g3m-p6c7-8rr3"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential buffer overflow vulnerability in the Zephyr CANbus subsystem",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-3725",
"datePublished": "2023-10-06T20:10:11.543Z",
"dateReserved": "2023-07-17T21:35:36.647Z",
"dateUpdated": "2025-02-13T16:56:38.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6749 (GCVE-0-2023-6749)
Vulnerability from cvelistv5
Published
2024-02-18 07:04
Modified
2024-08-02 08:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
Unchecked length coming from user input in settings shell
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6749",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T15:23:59.701852Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T15:24:08.412Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:07.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-757h-rw37-66hw"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.5",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unchecked length coming from user input in settings shell"
}
],
"value": "Unchecked length coming from user input in settings shell"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-18T07:04:36.321Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-757h-rw37-66hw"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unchecked user input length in the Zephyr Settings Shell",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-6749",
"datePublished": "2024-02-18T07:04:36.321Z",
"dateReserved": "2023-12-12T18:25:35.440Z",
"dateUpdated": "2024-08-02T08:42:07.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10027 (GCVE-0-2020-10027)
Vulnerability from cvelistv5
Published
2020-05-11 22:26
Modified
2024-09-16 20:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-697 - Incorrect Comparison
Summary
An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 1.14.0 < unspecified Version: 2.1.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-35"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23328"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23500"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23499"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10027"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-697",
"description": "CWE-697 Incorrect Comparison",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:36",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-35"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23328"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23500"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23499"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10027"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-35"
],
"discovery": "EXTERNAL"
},
"title": "ARC Platform Uses Signed Integer Comparison When Validating Syscall Numbers",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10027",
"STATE": "PUBLIC",
"TITLE": "ARC Platform Uses Signed Integer Comparison When Validating Syscall Numbers"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.14.0"
},
{
"version_affected": "\u003e=",
"version_value": "2.1.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-697 Incorrect Comparison"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-35",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-35"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23328",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23328"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23500",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23500"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23499",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23499"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10027",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10027"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-35"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10027",
"datePublished": "2020-05-11T22:26:14.923233Z",
"dateReserved": "2020-03-03T00:00:00",
"dateUpdated": "2024-09-16T20:52:35.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1902 (GCVE-0-2023-1902)
Vulnerability from cvelistv5
Published
2023-07-10 04:30
Modified
2024-11-07 15:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:05:26.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx9g-8fr2-q899"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zephyr",
"vendor": "zephyrproject",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1902",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T15:20:57.719615Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-672",
"description": "CWE-672 Operation on a Resource after Expiration or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T15:21:40.963Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer."
}
],
"value": "The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T04:30:14.243Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx9g-8fr2-q899"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCI Connection Creation Dangling State Reference Re-use",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-1902",
"datePublished": "2023-07-10T04:30:14.243Z",
"dateReserved": "2023-04-05T22:24:28.688Z",
"dateUpdated": "2024-11-07T15:21:40.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11263 (GCVE-0-2024-11263)
Vulnerability from cvelistv5
Published
2024-11-15 22:53
Modified
2024-11-18 17:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-270 - Privilege Context Switching Error
Summary
When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zephyrproject-rtos:zephyr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11263",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-18T17:44:38.277866Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T17:45:21.489Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.7",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "arch: riscv: userspace: potential security risk when CONFIG_RISCV_GP=y"
}
],
"value": "When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-270",
"description": "Privilege Context Switching Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T22:53:58.593Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-jjf3-7x72-pqm9"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "arch: riscv: userspace: potential security risk when CONFIG_RISCV_GP=y",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2024-11263",
"datePublished": "2024-11-15T22:53:58.593Z",
"dateReserved": "2024-11-15T16:34:35.784Z",
"dateUpdated": "2024-11-18T17:45:21.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3625 (GCVE-0-2021-3625)
Vulnerability from cvelistv5
Published
2021-10-05 20:50
Modified
2024-09-16 18:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow ()
Summary
Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v2.5.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-09-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions \u003e= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-05T20:50:20",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363"
]
},
"title": "Buffer overflow in Zephyr USB DFU DNLOAD",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-09-21T00:00:00.000Z",
"ID": "CVE-2021-3625",
"STATE": "PUBLIC",
"TITLE": "Buffer overflow in Zephyr USB DFU DNLOAD"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v2.5.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions \u003e= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"environmentalScore": 9.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 9.6,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3625",
"datePublished": "2021-10-05T20:50:20.352754Z",
"dateReserved": "2021-06-28T00:00:00",
"dateUpdated": "2024-09-16T18:49:27.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10022 (GCVE-0-2020-10022)
Vulnerability from cvelistv5
Published
2020-05-11 22:26
Modified
2024-09-16 23:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Overflow
Summary
A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case. See NCC-NCC-016 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 2.1.0 < unspecified Version: 2.2.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-28"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24154"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24065"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24066"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10022"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.2.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case. See NCC-NCC-016 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:36",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-28"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24154"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24065"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24066"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10022"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-28"
],
"discovery": "EXTERNAL"
},
"title": "UpdateHub Module Copies a Variable-Size Hash String Into a Fixed-Size Array",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10022",
"STATE": "PUBLIC",
"TITLE": "UpdateHub Module Copies a Variable-Size Hash String Into a Fixed-Size Array"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "2.1.0"
},
{
"version_affected": "\u003e=",
"version_value": "2.2.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case. See NCC-NCC-016 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-28",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-28"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24154",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24154"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24065",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24065"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24066",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24066"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10022",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10022"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-28"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10022",
"datePublished": "2020-05-11T22:26:12.494138Z",
"dateReserved": "2020-03-03T00:00:00",
"dateUpdated": "2024-09-16T23:45:41.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10021 (GCVE-0-2020-10021)
Vulnerability from cvelistv5
Published
2020-05-11 22:26
Modified
2024-09-17 00:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 1.14.1 < unspecified Version: 2.1.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-26"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23240"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23455"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23456"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10021"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.1",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:36",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-26"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23240"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23455"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23456"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10021"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-26"
],
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds write in USB Mass Storage with unaligned sizes",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10021",
"STATE": "PUBLIC",
"TITLE": "Out-of-bounds write in USB Mass Storage with unaligned sizes"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.14.1"
},
{
"version_affected": "\u003e=",
"version_value": "2.1.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-26",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-26"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23240",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23240"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23455",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23455"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23456",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23456"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10021",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10021"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-26"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10021",
"datePublished": "2020-05-11T22:26:11.985594Z",
"dateReserved": "2020-03-03T00:00:00",
"dateUpdated": "2024-09-17T00:16:14.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10066 (GCVE-0-2020-10066)
Vulnerability from cvelistv5
Published
2021-05-24 21:40
Modified
2024-09-17 01:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference ()
Summary
Incorrect Error Handling in Bluetooth HCI core. Zephyr versions >= v1.14.2, >= v2.2.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v1.14.2 < unspecified Version: v2.2.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v1.14.2",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.2.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incorrect Error Handling in Bluetooth HCI core. Zephyr versions \u003e= v1.14.2, \u003e= v2.2.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference (CWE-476)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T21:40:24",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr"
]
},
"title": "Incorrect Error Handling in Bluetooth HCI core",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-06-29T00:00:00.000Z",
"ID": "CVE-2020-10066",
"STATE": "PUBLIC",
"TITLE": "Incorrect Error Handling in Bluetooth HCI core"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v1.14.2"
},
{
"version_affected": "\u003e=",
"version_value": "v2.2.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect Error Handling in Bluetooth HCI core. Zephyr versions \u003e= v1.14.2, \u003e= v2.2.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"environmentalScore": 2.5,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 2.5,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference (CWE-476)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10066",
"datePublished": "2021-05-24T21:40:24.776002Z",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-09-17T01:41:15.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4264 (GCVE-0-2023-4264)
Vulnerability from cvelistv5
Published
2023-09-26 18:34
Modified
2025-06-18 14:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CWE-121 - Stack-based Buffer Overflow A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
- CWE-122 - Heap-based Buffer Overflow A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Summary
Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: 0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:03.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rgx6-3w4j-gf5j"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4264",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T14:13:20.137564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T14:13:45.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.4",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePotential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T03:06:20.031Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rgx6-3w4j-gf5j"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-4264",
"datePublished": "2023-09-26T18:34:52.817Z",
"dateReserved": "2023-08-08T21:12:31.078Z",
"dateUpdated": "2025-06-18T14:13:45.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14202 (GCVE-0-2017-14202)
Vulnerability from cvelistv5
Published
2019-08-29 00:44
Modified
2024-09-17 01:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Summary
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:41.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-18"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/13048"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "shell",
"vendor": "Zephyr",
"versions": [
{
"status": "affected",
"version": "prior to 1.14.0"
}
]
}
],
"datePublic": "2019-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T00:44:13",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-18"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/13048"
}
],
"source": {
"defect": [
"ZEPSEC-18"
],
"discovery": "USER"
},
"title": "The shell implementation does not protect against buffer overruns resulting in unpredictable behavior.",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2019-04-19T00:00:00.000Z",
"ID": "CVE-2017-14202",
"STATE": "PUBLIC",
"TITLE": "The shell implementation does not protect against buffer overruns resulting in unpredictable behavior."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "shell",
"version": {
"version_data": [
{
"version_value": "prior to 1.14.0"
}
]
}
}
]
},
"vendor_name": "Zephyr"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html"
},
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-18",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-18"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/13048",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/13048"
}
]
},
"source": {
"defect": [
"ZEPSEC-18"
],
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2017-14202",
"datePublished": "2019-08-29T00:44:13.046867Z",
"dateReserved": "2017-09-07T00:00:00",
"dateUpdated": "2024-09-17T01:16:38.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20696 (GCVE-0-2025-20696)
Vulnerability from cvelistv5
Published
2025-08-04 01:49
Modified
2025-08-04 13:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09915215; Issue ID: MSV-3801.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6813, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6990, MT6991, MT8188, MT8196, MT8370, MT8390, MT8676 |
Version: Android 13.0, 14.0, 15.0 / openWRT 21.02, 23.05 / Yocto 4.0 / RDK-B 24Q1 / Zephyr 3.7.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-20696",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-04T13:47:23.786152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T13:47:57.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6813, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6990, MT6991, MT8188, MT8196, MT8370, MT8390, MT8676",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 13.0, 14.0, 15.0 / openWRT 21.02, 23.05 / Yocto 4.0 / RDK-B 24Q1 / Zephyr 3.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09915215; Issue ID: MSV-3801."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T01:49:46.880Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/August-2025"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2025-20696",
"datePublished": "2025-08-04T01:49:46.880Z",
"dateReserved": "2024-11-01T01:21:50.381Z",
"dateUpdated": "2025-08-04T13:47:57.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3861 (GCVE-0-2021-3861)
Vulnerability from cvelistv5
Published
2022-02-07 22:00
Modified
2024-09-16 16:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow ()
Summary
The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v2.6.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.6.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions \u003e= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-07T22:00:13",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj"
]
},
"title": "The RNDIS USB device class includes a buffer overflow vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2022-01-05T00:00:00.000Z",
"ID": "CVE-2021-3861",
"STATE": "PUBLIC",
"TITLE": "The RNDIS USB device class includes a buffer overflow vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v2.6.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions \u003e= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 8.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 8.2,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3861",
"datePublished": "2022-02-07T22:00:13.805383Z",
"dateReserved": "2021-10-05T00:00:00",
"dateUpdated": "2024-09-16T16:18:17.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3432 (GCVE-0-2021-3432)
Vulnerability from cvelistv5
Published
2022-06-28 19:45
Modified
2024-09-17 00:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-369 - Divide By Zero ()
Summary
Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions >= v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v1.14.0 < unspecified Version: v2.5.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v1.14.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions \u003e= v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "Divide By Zero (CWE-369)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T19:45:28",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
]
},
"title": "BT: Invalid interval in CONNECT_IND leads to Division by Zero",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-06-21T00:00:00.000Z",
"ID": "CVE-2021-3432",
"STATE": "PUBLIC",
"TITLE": "BT: Invalid interval in CONNECT_IND leads to Division by Zero"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v1.14.0"
},
{
"version_affected": "\u003e=",
"version_value": "v2.5.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions \u003e= v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MODERATE",
"confidentialityImpact": "NONE",
"environmentalScore": 4.3,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Divide By Zero (CWE-369)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3432",
"datePublished": "2022-06-28T19:45:28.514936Z",
"dateReserved": "2021-03-11T00:00:00",
"dateUpdated": "2024-09-17T00:21:58.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4257 (GCVE-0-2023-4257)
Vulnerability from cvelistv5
Published
2023-10-13 21:09
Modified
2025-02-13 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: 0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-853q-q69w-gf5j"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4257",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-03T14:48:38.291355Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T14:48:50.367Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.4",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows."
}
],
"value": "Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-131",
"description": "CWE-131 Incorrect Calculation of Buffer Size",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T03:06:31.523Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-853q-q69w-gf5j"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unchecked user input length in the Zephyr WiFi shell module",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-4257",
"datePublished": "2023-10-13T21:09:51.733Z",
"dateReserved": "2023-08-08T21:07:32.623Z",
"dateUpdated": "2025-02-13T17:09:27.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1042 (GCVE-0-2022-1042)
Vulnerability from cvelistv5
Published
2022-07-26 04:25
Modified
2024-09-16 20:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j7v7-w73r-mm5x"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "v3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-26T04:25:22",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j7v7-w73r-mm5x"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j7v7-w73r-mm5x"
]
},
"title": "Out-of-bound write vulnerability in the Bluetooth mesh core stack can be triggered during provisioning",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2022-07-25T00:00:00.000Z",
"ID": "CVE-2022-1042",
"STATE": "PUBLIC",
"TITLE": "Out-of-bound write vulnerability in the Bluetooth mesh core stack can be triggered during provisioning"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "v3.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "Adjacent",
"availabilityImpact": "LOW",
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write (CWE-787)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j7v7-w73r-mm5x",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j7v7-w73r-mm5x"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j7v7-w73r-mm5x"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2022-1042",
"datePublished": "2022-07-26T04:25:22.458272Z",
"dateReserved": "2022-03-22T00:00:00",
"dateUpdated": "2024-09-16T20:17:50.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1041 (GCVE-0-2022-1041)
Vulnerability from cvelistv5
Published
2022-07-26 04:25
Modified
2024-09-17 00:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p449-9hv9-pj38"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "v3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-26T04:25:09",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p449-9hv9-pj38"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p449-9hv9-pj38"
]
},
"title": "Out-of-bound write vulnerability in the Bluetooth mesh core stack can be triggered during provisioning",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2022-07-25T00:00:00.000Z",
"ID": "CVE-2022-1041",
"STATE": "PUBLIC",
"TITLE": "Out-of-bound write vulnerability in the Bluetooth mesh core stack can be triggered during provisioning"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "v3.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "Adjacent",
"availabilityImpact": "LOW",
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write (CWE-787)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p449-9hv9-pj38",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p449-9hv9-pj38"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p449-9hv9-pj38"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2022-1041",
"datePublished": "2022-07-26T04:25:10.049119Z",
"dateReserved": "2022-03-22T00:00:00",
"dateUpdated": "2024-09-17T00:11:32.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0359 (GCVE-0-2023-0359)
Vulnerability from cvelistv5
Published
2023-07-10 04:21
Modified
2024-11-12 14:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
A missing nullptr-check in handle_ra_input can cause a nullptr-deref.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * Version: * |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:10:55.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c7fq-vqm6-v5pf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0359",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T14:20:51.993277Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T14:21:00.476Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.2",
"status": "affected",
"version": "*",
"versionType": "git"
},
{
"lessThanOrEqual": "2.7.4",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A missing nullptr-check in handle_ra_input can cause a nullptr-deref."
}
],
"value": "A missing nullptr-check in handle_ra_input can cause a nullptr-deref."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T04:21:21.203Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c7fq-vqm6-v5pf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ipv6: Missing ipv6 nullptr-check in handle_ra_input",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-0359",
"datePublished": "2023-07-10T04:21:21.203Z",
"dateReserved": "2023-01-18T02:13:16.899Z",
"dateUpdated": "2024-11-12T14:21:00.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3430 (GCVE-0-2021-3430)
Vulnerability from cvelistv5
Published
2022-06-28 19:45
Modified
2024-09-16 23:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-617 - Reachable Assertion ()
Summary
Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v1.14.0 < unspecified Version: v2.5.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v1.14.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions \u003e= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "Reachable Assertion (CWE-617)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T19:45:19",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr"
]
},
"title": "BT: Assertion failure on repeated LL_CONNECTION_PARAM_REQ",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-06-21T00:00:00.000Z",
"ID": "CVE-2021-3430",
"STATE": "PUBLIC",
"TITLE": "BT: Assertion failure on repeated LL_CONNECTION_PARAM_REQ"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v1.14.0"
},
{
"version_affected": "\u003e=",
"version_value": "v2.5.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions \u003e= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MODERATE",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reachable Assertion (CWE-617)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3430",
"datePublished": "2022-06-28T19:45:19.535562Z",
"dateReserved": "2021-03-11T00:00:00",
"dateUpdated": "2024-09-16T23:25:47.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3323 (GCVE-0-2021-3323)
Vulnerability from cvelistv5
Published
2021-10-12 21:50
Modified
2024-09-16 17:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-191 - Integer Underflow (Wrap or Wraparound) ()
Summary
Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= >=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: >=2.4.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "\u003e=2.4.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions \u003e= \u003e=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "Integer Underflow (Wrap or Wraparound) (CWE-191)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T21:50:16",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc"
]
},
"title": "Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-04-14T00:00:00.000Z",
"ID": "CVE-2021-3323",
"STATE": "PUBLIC",
"TITLE": "Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "\u003e=2.4.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions \u003e= \u003e=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 8.3,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 8.3,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer Underflow (Wrap or Wraparound) (CWE-191)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3323",
"datePublished": "2021-10-12T21:50:16.135206Z",
"dateReserved": "2021-01-27T00:00:00",
"dateUpdated": "2024-09-16T17:07:54.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6258 (GCVE-0-2024-6258)
Vulnerability from cvelistv5
Published
2024-09-13 19:05
Modified
2024-09-16 14:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
BT: Missing length checks of net_buf in rfcomm_handle_data
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zephyrproject-rtos:zephyr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6258",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T14:43:51.367787Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T14:46:42.598Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BT: Missing length checks of net_buf in rfcomm_handle_data"
}
],
"value": "BT: Missing length checks of net_buf in rfcomm_handle_data"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T19:05:53.783Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7833-fcpm-3ggm"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "BT: Missing length checks of net_buf in rfcomm_handle_data",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2024-6258",
"datePublished": "2024-09-13T19:05:53.783Z",
"dateReserved": "2024-06-21T20:44:04.693Z",
"dateUpdated": "2024-09-16T14:46:42.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10060 (GCVE-0-2020-10060)
Vulnerability from cvelistv5
Published
2020-05-11 22:26
Modified
2024-09-16 23:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Summary
In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 2.1.0 < unspecified Version: 2.2.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-37"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10060"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27865"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27889"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27891"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27893"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.2.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In updatehub_probe, right after JSON parsing is complete, objects\\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-02T14:01:00",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-37"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10060"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27865"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27889"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27891"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27893"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-37"
],
"discovery": "EXTERNAL"
},
"title": "UpdateHub Might Dereference An Uninitialized Pointer",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10060",
"STATE": "PUBLIC",
"TITLE": "UpdateHub Might Dereference An Uninitialized Pointer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "2.1.0"
},
{
"version_affected": "\u003e=",
"version_value": "2.2.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In updatehub_probe, right after JSON parsing is complete, objects\\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-37",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-37"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10060",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10060"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/27865",
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27865"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/27889",
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27889"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/27891",
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27891"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/27893",
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27893"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-37"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10060",
"datePublished": "2020-05-11T22:26:16.934239Z",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-09-16T23:31:11.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4263 (GCVE-0-2023-4263)
Vulnerability from cvelistv5
Published
2023-10-13 20:42
Modified
2025-02-13 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CWE-121 - Stack-based Buffer Overflow A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Summary
Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: 0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:03.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rf6q-rhhp-pqhf"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.4",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver"
}
],
"value": "Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T03:06:28.258Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rf6q-rhhp-pqhf"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-4263",
"datePublished": "2023-10-13T20:42:11.942Z",
"dateReserved": "2023-08-08T21:11:51.946Z",
"dateUpdated": "2025-02-13T17:09:29.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13599 (GCVE-0-2020-13599)
Vulnerability from cvelistv5
Published
2021-05-24 21:40
Modified
2024-09-17 00:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-276 - Incorrect Default Permissions ()
Summary
Security problem with settings and littlefs. Zephyr versions >= 1.14.2, >= 2.3.0 contain Incorrect Default Permissions (CWE-276). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 1.14.2 < unspecified Version: 2.3.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:15.886Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1199"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.2",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Security problem with settings and littlefs. Zephyr versions \u003e= 1.14.2, \u003e= 2.3.0 contain Incorrect Default Permissions (CWE-276). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect Default Permissions (CWE-276)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-05T20:06:09",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1199"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q"
]
},
"title": "Security problem with settings and littlefs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-06-25T00:00:00.000Z",
"ID": "CVE-2020-13599",
"STATE": "PUBLIC",
"TITLE": "Security problem with settings and littlefs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.14.2"
},
{
"version_affected": "\u003e=",
"version_value": "2.3.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Security problem with settings and littlefs. Zephyr versions \u003e= 1.14.2, \u003e= 2.3.0 contain Incorrect Default Permissions (CWE-276). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"environmentalScore": 3.3,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 3.3,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Default Permissions (CWE-276)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1199",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1199"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-13599",
"datePublished": "2021-05-24T21:40:27.423754Z",
"dateReserved": "2020-05-26T00:00:00",
"dateUpdated": "2024-09-17T00:01:53.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3320 (GCVE-0-2021-3320)
Vulnerability from cvelistv5
Published
2021-05-24 21:40
Modified
2024-09-16 22:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference ()
Summary
Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v2.4.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.4.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Type Confusion in 802154 ACK Frames Handling. Zephyr versions \u003e= v2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference (CWE-476)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T21:40:30",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7"
]
},
"title": "Type Confusion in 802154 ACK Frames Handling",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-04-14T00:00:00.000Z",
"ID": "CVE-2021-3320",
"STATE": "PUBLIC",
"TITLE": "Type Confusion in 802154 ACK Frames Handling"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v2.4.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Type Confusion in 802154 ACK Frames Handling. Zephyr versions \u003e= v2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.9,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.9,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference (CWE-476)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3320",
"datePublished": "2021-05-24T21:40:30.745441Z",
"dateReserved": "2021-01-27T00:00:00",
"dateUpdated": "2024-09-16T22:25:53.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2993 (GCVE-0-2022-2993)
Vulnerability from cvelistv5
Published
2022-12-12 01:50
Modified
2025-04-22 18:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3286-jgjx-8cvr"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2993",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T18:04:05.139328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "CWE-670 Always-Incorrect Control Flow Implementation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T18:04:39.889Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "v3.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-12-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-09T00:00:00.000Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3286-jgjx-8cvr"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3286-jgjx-8cvr"
]
},
"title": "bt: host: Wrong key validation check"
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2022-2993",
"datePublished": "2022-12-12T01:50:00.293Z",
"dateReserved": "2022-08-25T00:00:00.000Z",
"dateUpdated": "2025-04-22T18:04:39.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3329 (GCVE-0-2021-3329)
Vulnerability from cvelistv5
Published
2023-02-26 00:00
Modified
2025-03-11 15:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions ()
Summary
Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-117"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-3329",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T15:25:34.489205Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T15:25:38.906Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "v2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "Improper Check or Handling of Exceptional Conditions (CWE-703)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-26T00:00:00.000Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-117"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-117"
]
},
"title": "DOS: Incorrect handling of the initial HCI ACL_MTU handshake packet leads to crash of bluetooth host layer"
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3329",
"datePublished": "2023-02-26T00:00:00.000Z",
"dateReserved": "2021-01-27T00:00:00.000Z",
"dateUpdated": "2025-03-11T15:25:38.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3966 (GCVE-0-2021-3966)
Vulnerability from cvelistv5
Published
2023-01-11 00:00
Modified
2025-04-09 18:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow ()
Summary
usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.756Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hfxq-3w6x-fv2m"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-3966",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T14:00:22.435063Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T18:29:11.461Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "v3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-02-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-11T00:00:00.000Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hfxq-3w6x-fv2m"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hfxq-3w6x-fv2m"
]
},
"title": "Usb bluetooth device ACL read cb buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3966",
"datePublished": "2023-01-11T00:00:00.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2025-04-09T18:29:11.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10068 (GCVE-0-2020-10068)
Vulnerability from cvelistv5
Published
2020-06-05 17:37
Modified
2024-09-16 17:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 2.2.0 < unspecified Version: 1.14.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23091"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-78"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10068"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23707"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23708"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23964"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.2.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "PhD - Garbelini Matheus Eduardo"
}
],
"datePublic": "2020-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:37",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23091"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-78"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10068"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23707"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23708"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23964"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-78"
],
"discovery": "EXTERNAL"
},
"title": "Zephyr Bluetooth DLE duplicate requests vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-25T00:00:00.000Z",
"ID": "CVE-2020-10068",
"STATE": "PUBLIC",
"TITLE": "Zephyr Bluetooth DLE duplicate requests vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "2.2.0"
},
{
"version_affected": "\u003e=",
"version_value": "1.14.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "PhD - Garbelini Matheus Eduardo"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23091",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23091"
},
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-78",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-78"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10068",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10068"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23707",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23707"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23708",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23708"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23964",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23964"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-78"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10068",
"datePublished": "2020-06-05T17:37:37.415724Z",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-09-16T17:54:11.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6881 (GCVE-0-2023-6881)
Vulnerability from cvelistv5
Published
2024-02-20 18:25
Modified
2024-08-02 08:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
Possible buffer overflow in is_mount_point
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6881",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-29T20:50:22.394301Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:04.296Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:08.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mh67-4h3q-p437"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.5",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Possible buffer overflow in is_mount_point"
}
],
"value": "Possible buffer overflow in is_mount_point"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-20T18:25:19.453Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mh67-4h3q-p437"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "fs: fuse: buffer overflow vulnerability in the Zephyr FS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-6881",
"datePublished": "2024-02-20T18:25:19.453Z",
"dateReserved": "2023-12-15T23:14:18.900Z",
"dateUpdated": "2024-08-02T08:42:08.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5754 (GCVE-0-2024-5754)
Vulnerability from cvelistv5
Published
2024-09-13 18:50
Modified
2024-09-16 14:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
BT: Encryption procedure host vulnerability
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T14:16:36.994922Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T14:17:06.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BT: Encryption procedure host vulnerability"
}
],
"value": "BT: Encryption procedure host vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T18:50:05.314Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gvv5-66hw-5qrc"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "BT: Encryption procedure host vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2024-5754",
"datePublished": "2024-09-13T18:50:05.314Z",
"dateReserved": "2024-06-07T16:59:42.401Z",
"dateUpdated": "2024-09-16T14:17:06.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-7060 (GCVE-0-2023-7060)
Vulnerability from cvelistv5
Published
2024-03-15 18:12
Modified
2025-03-27 14:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Zephyr OS IP packet handling does not properly drop IP packets arriving on an external interface with a source address equal to 127.0.01 or the destination address.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-7060",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-18T16:17:43.040964Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T14:57:28.799Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:50:07.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fjc8-223c-qgqr"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.5",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Security Control in Zephyr OS IP Packet Handling"
}
],
"value": "Zephyr OS IP packet handling does not properly drop IP packets arriving on an external interface with a source address equal to 127.0.01 or the destination address."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-15T18:12:36.499Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fjc8-223c-qgqr"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Security Control in Zephyr OS IP Packet Handling",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-7060",
"datePublished": "2024-03-15T18:12:36.499Z",
"dateReserved": "2023-12-21T16:40:49.260Z",
"dateUpdated": "2025-03-27T14:57:28.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4259 (GCVE-0-2023-4259)
Vulnerability from cvelistv5
Published
2023-09-25 23:05
Modified
2025-02-13 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: 1.14 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:03.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gghm-c696-f4j4"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4259",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T20:16:33.010531Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T20:16:45.128Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "3.4",
"status": "affected",
"version": "1.14",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code."
}
],
"value": "Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193 Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T03:06:33.171Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gghm-c696-f4j4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential buffer overflow vulnerabilities in the Zephyr eS-WiFi driver",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-4259",
"datePublished": "2023-09-25T23:05:40.753Z",
"dateReserved": "2023-08-08T21:09:18.317Z",
"dateUpdated": "2025-02-13T17:09:28.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3322 (GCVE-0-2021-3322)
Vulnerability from cvelistv5
Published
2021-10-12 21:50
Modified
2024-09-16 18:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference ()
Summary
Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions >= >=2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: >=2.4.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "\u003e=2.4.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions \u003e= \u003e=2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference (CWE-476)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T21:50:14",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3"
]
},
"title": "Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-04-21T00:00:00.000Z",
"ID": "CVE-2021-3322",
"STATE": "PUBLIC",
"TITLE": "Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "\u003e=2.4.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions \u003e= \u003e=2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference (CWE-476)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3322",
"datePublished": "2021-10-12T21:50:14.638805Z",
"dateReserved": "2021-01-27T00:00:00",
"dateUpdated": "2024-09-16T18:45:16.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6249 (GCVE-0-2023-6249)
Vulnerability from cvelistv5
Published
2024-02-18 07:27
Modified
2024-08-02 08:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-704 - Incorrect Type Conversion or Cast
Summary
Signed to unsigned conversion esp32_ipm_send
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6249",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-20T15:16:49.904392Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:20:57.320Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:21:18.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-32f5-3p9h-2rqc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.5",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Signed to unsigned conversion esp32_ipm_send"
}
],
"value": "Signed to unsigned conversion esp32_ipm_send"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-704",
"description": "CWE-704 Incorrect Type Conversion or Cast",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-18T07:27:13.399Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-32f5-3p9h-2rqc"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ipm: signed to unsigned conversion problem in esp32_ipm_send",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-6249",
"datePublished": "2024-02-18T07:27:13.399Z",
"dateReserved": "2023-11-21T22:45:28.249Z",
"dateUpdated": "2024-08-02T08:21:18.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13601 (GCVE-0-2020-13601)
Vulnerability from cvelistv5
Published
2021-05-24 21:40
Modified
2024-09-17 01:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Possible read out of bounds in dns read. Zephyr versions >= 1.14.2, >= 2.3.0 contain Out-of-bounds Read (CWE-125). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 1.14.2 < unspecified Version: 2.3.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.2",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-11-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Possible read out of bounds in dns read. Zephyr versions \u003e= 1.14.2, \u003e= 2.3.0 contain Out-of-bounds Read (CWE-125). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T21:40:28",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44"
]
},
"title": "Possible read out of bounds in dns read",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-11-18T00:00:00.000Z",
"ID": "CVE-2020-13601",
"STATE": "PUBLIC",
"TITLE": "Possible read out of bounds in dns read"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.14.2"
},
{
"version_affected": "\u003e=",
"version_value": "2.3.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Possible read out of bounds in dns read. Zephyr versions \u003e= 1.14.2, \u003e= 2.3.0 contain Out-of-bounds Read (CWE-125). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.1,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 9,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read (CWE-125)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-13601",
"datePublished": "2021-05-24T21:40:28.696374Z",
"dateReserved": "2020-05-26T00:00:00",
"dateUpdated": "2024-09-17T01:01:29.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10069 (GCVE-0-2020-10069)
Vulnerability from cvelistv5
Published
2021-05-24 21:40
Modified
2024-09-16 16:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-233 - Improper Handling of Parameters ()
Summary
Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Parameters (CWE-233). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v1.14.2 < unspecified Version: v2.2.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v1.14.2",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.2.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions \u003e= v1.14.2, \u003e= v2.2.0 contain Improper Handling of Parameters (CWE-233). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-233",
"description": "Improper Handling of Parameters (CWE-233)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T21:40:25",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp"
]
},
"title": "Zephyr Bluetooth unchecked packet data results in denial of service",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-25T00:00:00.000Z",
"ID": "CVE-2020-10069",
"STATE": "PUBLIC",
"TITLE": "Zephyr Bluetooth unchecked packet data results in denial of service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v1.14.2"
},
{
"version_affected": "\u003e=",
"version_value": "v2.2.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions \u003e= v1.14.2, \u003e= v2.2.0 contain Improper Handling of Parameters (CWE-233). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 4.3,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Handling of Parameters (CWE-233)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10069",
"datePublished": "2021-05-24T21:40:25.468262Z",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-09-16T16:27:47.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3510 (GCVE-0-2021-3510)
Vulnerability from cvelistv5
Published
2021-10-05 20:50
Modified
2024-09-16 19:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-588 - Attempt to Access Child of a Non-structure Pointer ()
Summary
Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: >1.14.0 < unspecified Version: >2.5.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "\u003e1.14.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "\u003e2.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions \u003e= \u003e1.14.0, \u003e= \u003e2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-588",
"description": "Attempt to Access Child of a Non-structure Pointer (CWE-588)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-05T20:50:17",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4"
]
},
"title": "Zephyr JSON decoder incorrectly decodes array of array",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-06-20T00:00:00.000Z",
"ID": "CVE-2021-3510",
"STATE": "PUBLIC",
"TITLE": "Zephyr JSON decoder incorrectly decodes array of array"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "\u003e1.14.0"
},
{
"version_affected": "\u003e=",
"version_value": "\u003e2.5.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions \u003e= \u003e1.14.0, \u003e= \u003e2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Attempt to Access Child of a Non-structure Pointer (CWE-588)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3510",
"datePublished": "2021-10-05T20:50:17.320779Z",
"dateReserved": "2021-04-20T00:00:00",
"dateUpdated": "2024-09-16T19:04:43.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3431 (GCVE-0-2021-3431)
Vulnerability from cvelistv5
Published
2022-06-28 19:45
Modified
2024-09-16 22:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-617 - Reachable Assertion ()
Summary
Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v2.5.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions \u003e= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "Reachable Assertion (CWE-617)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T19:45:23",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9"
]
},
"title": "BT: Assertion failure on repeated LL_FEATURE_REQ",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-06-21T00:00:00.000Z",
"ID": "CVE-2021-3431",
"STATE": "PUBLIC",
"TITLE": "BT: Assertion failure on repeated LL_FEATURE_REQ"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v2.5.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions \u003e= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MODERATE",
"confidentialityImpact": "NONE",
"environmentalScore": 4.3,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reachable Assertion (CWE-617)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3431",
"datePublished": "2022-06-28T19:45:23.532259Z",
"dateReserved": "2021-03-11T00:00:00",
"dateUpdated": "2024-09-16T22:52:14.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4260 (GCVE-0-2023-4260)
Vulnerability from cvelistv5
Published
2023-09-26 19:23
Modified
2025-02-13 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: 0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:03.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gj27-862r-55wh"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.4",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePotential off-by-one buffer overflow vulnerability in the Zephyr fuse file system.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193 Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T03:06:21.672Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gj27-862r-55wh"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential off-by-one buffer overflow vulnerability in the Zephyr FS subsystem",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-4260",
"datePublished": "2023-09-26T19:23:48.078Z",
"dateReserved": "2023-08-08T21:10:14.640Z",
"dateUpdated": "2025-02-13T17:09:28.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4258 (GCVE-0-2023-4258)
Vulnerability from cvelistv5
Published
2023-09-25 21:46
Modified
2024-09-24 19:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-684 - Incorrect Provision of Specified Functionality The code does not function according to its published specifications, potentially leading to incorrect usage.
Summary
In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: 1.14 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:03.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-m34c-cp63-rwh7"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zephyr",
"vendor": "zephyrproject",
"versions": [
{
"lessThan": "3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4258",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T19:45:09.412727Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T19:47:10.591Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.4",
"status": "affected",
"version": "1.14",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee.\u003c/p\u003e"
}
],
"value": "In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-684",
"description": " CWE-684 Incorrect Provision of Specified Functionality The code does not function according to its published specifications, potentially leading to incorrect usage.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-25T21:46:37.430Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-m34c-cp63-rwh7"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "bt: mesh: vulnerability in provisioning protocol implementation on provisionee side",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-4258",
"datePublished": "2023-09-25T21:46:37.430Z",
"dateReserved": "2023-08-08T21:08:39.861Z",
"dateUpdated": "2024-09-24T19:47:10.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3434 (GCVE-0-2021-3434)
Vulnerability from cvelistv5
Published
2022-06-28 19:45
Modified
2024-09-17 00:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow ()
Summary
Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions >= v2.5.0 Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v2.5.0 < unspecified Version: v2.6.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.5.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.6.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions \u003e= v2.5.0 Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow (CWE-121)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T19:45:39",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm"
]
},
"title": "L2CAP: Stack based buffer overflow in le_ecred_conn_req()",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-06-21T00:00:00.000Z",
"ID": "CVE-2021-3434",
"STATE": "PUBLIC",
"TITLE": "L2CAP: Stack based buffer overflow in le_ecred_conn_req()"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v2.5.0"
},
{
"version_affected": "\u003e=",
"version_value": "v2.6.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions \u003e= v2.5.0 Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.9,
"baseSeverity": "MODERATE",
"confidentialityImpact": "LOW",
"environmentalScore": 4.9,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.9,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow (CWE-121)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3434",
"datePublished": "2022-06-28T19:45:39.519233Z",
"dateReserved": "2021-03-11T00:00:00",
"dateUpdated": "2024-09-17T00:36:23.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6259 (GCVE-0-2024-6259)
Vulnerability from cvelistv5
Published
2024-09-13 20:17
Modified
2024-09-25 15:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
BT: HCI: adv_ext_report Improper discarding in adv_ext_report
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zephyrproject-rtos:zephyr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6259",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T14:35:18.530446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T15:57:30.212Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BT: HCI: adv_ext_report Improper discarding in adv_ext_report"
}
],
"value": "BT: HCI: adv_ext_report Improper discarding in adv_ext_report"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T20:17:58.827Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p5j7-v26w-wmcp"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "BT: HCI: adv_ext_report Improper discarding in adv_ext_report",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2024-6259",
"datePublished": "2024-09-13T20:17:58.827Z",
"dateReserved": "2024-06-21T20:48:52.552Z",
"dateUpdated": "2024-09-25T15:57:30.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5563 (GCVE-0-2023-5563)
Vulnerability from cvelistv5
Published
2023-10-12 23:11
Modified
2024-09-17 17:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.
Summary
The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: 3.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-98mc-rj7w-7rpv"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5563",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T17:08:27.283979Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T17:08:43.494Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.4",
"status": "affected",
"version": "3.3",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception."
}
],
"value": "The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception."
}
],
"impacts": [
{
"capecId": "CAPEC-74",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-74 Manipulating User State"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": " CWE-703 Improper Check or Handling of Exceptional Conditions The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-12T23:11:18.074Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-98mc-rj7w-7rpv"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-5563",
"datePublished": "2023-10-12T23:11:18.074Z",
"dateReserved": "2023-10-12T22:58:30.695Z",
"dateUpdated": "2024-09-17T17:08:43.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3319 (GCVE-0-2021-3319)
Vulnerability from cvelistv5
Published
2021-10-05 20:50
Modified
2024-09-16 22:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions >= > v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: > v2.4.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "\u003e v2.4.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions \u003e= \u003e v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference (CWE-476)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-588",
"description": "Attempt to Access Child of a Non-structure Pointer (CWE-588)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-05T20:50:14",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364"
]
},
"title": "DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-04-14T00:00:00.000Z",
"ID": "CVE-2021-3319",
"STATE": "PUBLIC",
"TITLE": "DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "\u003e v2.4.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions \u003e= \u003e v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference (CWE-476)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Attempt to Access Child of a Non-structure Pointer (CWE-588)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3319",
"datePublished": "2021-10-05T20:50:14.254605Z",
"dateReserved": "2021-01-27T00:00:00",
"dateUpdated": "2024-09-16T22:14:56.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6137 (GCVE-0-2024-6137)
Vulnerability from cvelistv5
Published
2024-09-13 20:06
Modified
2024-09-16 14:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
BT: Classic: SDP OOB access in get_att_search_list
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zephyrproject-rtos:zephyr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6137",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T14:41:38.967851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T14:45:48.060Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BT: Classic: SDP OOB access in get_att_search_list"
}
],
"value": "BT: Classic: SDP OOB access in get_att_search_list"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T20:06:45.347Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-pm38-7g85-cf4f"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "BT: Classic: SDP OOB access in get_att_search_list",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2024-6137",
"datePublished": "2024-09-13T20:06:45.347Z",
"dateReserved": "2024-06-18T18:47:56.163Z",
"dateUpdated": "2024-09-16T14:45:48.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13602 (GCVE-0-2020-13602)
Vulnerability from cvelistv5
Published
2021-05-24 21:40
Modified
2024-09-17 02:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions >= 1.14.2, >= 2.2.0 contain Improper Input Validation (CWE-20), Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 1.14.2 < unspecified Version: 2.2.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.14.2",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.2.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions \u003e= 1.14.2, \u003e= 2.2.0 contain Improper Input Validation (CWE-20), Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) (CWE-835). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation (CWE-20)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) (CWE-835)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T21:40:29",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh"
]
},
"title": "Remote Denial of Service in LwM2M do_write_op_tlv",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-06-25T00:00:00.000Z",
"ID": "CVE-2020-13602",
"STATE": "PUBLIC",
"TITLE": "Remote Denial of Service in LwM2M do_write_op_tlv"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.14.2"
},
{
"version_affected": "\u003e=",
"version_value": "2.2.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions \u003e= 1.14.2, \u003e= 2.2.0 contain Improper Input Validation (CWE-20), Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) (CWE-835). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation (CWE-20)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) (CWE-835)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-13602",
"datePublished": "2021-05-24T21:40:29.344412Z",
"dateReserved": "2020-05-26T00:00:00",
"dateUpdated": "2024-09-17T02:56:50.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3581 (GCVE-0-2021-3581)
Vulnerability from cvelistv5
Published
2021-10-05 20:50
Modified
2024-09-16 19:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-805 - Buffer Access with Incorrect Length Value ()
Summary
Buffer Access with Incorrect Length Value in zephyr. Zephyr versions >= >=2.5.0 contain Buffer Access with Incorrect Length Value (CWE-805). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: >=2.5.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "\u003e=2.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer Access with Incorrect Length Value in zephyr. Zephyr versions \u003e= \u003e=2.5.0 contain Buffer Access with Incorrect Length Value (CWE-805). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-805",
"description": "Buffer Access with Incorrect Length Value (CWE-805)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-05T20:50:18",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5"
]
},
"title": "Buffer Access with Incorrect Length Value in zephyr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-09-04T00:00:00.000Z",
"ID": "CVE-2021-3581",
"STATE": "PUBLIC",
"TITLE": "Buffer Access with Incorrect Length Value in zephyr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "\u003e=2.5.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer Access with Incorrect Length Value in zephyr. Zephyr versions \u003e= \u003e=2.5.0 contain Buffer Access with Incorrect Length Value (CWE-805). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.1,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 7,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Access with Incorrect Length Value (CWE-805)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3581",
"datePublished": "2021-10-05T20:50:18.826412Z",
"dateReserved": "2021-06-04T00:00:00",
"dateUpdated": "2024-09-16T19:05:46.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14201 (GCVE-0-2017-14201)
Vulnerability from cvelistv5
Published
2019-08-29 00:44
Modified
2024-09-17 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:41.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-17"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/13260"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "shell",
"vendor": "Zephyr",
"versions": [
{
"status": "affected",
"version": "prior to 1.14.0"
}
]
}
],
"datePublic": "2019-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T00:44:16",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-17"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/13260"
}
],
"source": {
"defect": [
"ZEPSEC-17"
],
"discovery": "USER"
},
"title": "The shell DNS command can cause unpredictable results due to misuse of stack variables.",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2019-04-19T00:00:00.000Z",
"ID": "CVE-2017-14201",
"STATE": "PUBLIC",
"TITLE": "The shell DNS command can cause unpredictable results due to misuse of stack variables."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "shell",
"version": {
"version_data": [
{
"version_value": "prior to 1.14.0"
}
]
}
}
]
},
"vendor_name": "Zephyr"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416 Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-17",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-17"
},
{
"name": "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/13260",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/13260"
}
]
},
"source": {
"defect": [
"ZEPSEC-17"
],
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2017-14201",
"datePublished": "2019-08-29T00:44:16.325159Z",
"dateReserved": "2017-09-07T00:00:00",
"dateUpdated": "2024-09-17T00:46:36.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10070 (GCVE-0-2020-10070)
Vulnerability from cvelistv5
Published
2020-06-05 17:37
Modified
2024-09-16 23:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: 2.2.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.848Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10070"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/0b39cbf3c01d7feec9d0dd7cc7e0e374b6113542"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.2.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:37",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10070"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/0b39cbf3c01d7feec9d0dd7cc7e0e374b6113542"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85"
],
"discovery": "EXTERNAL"
},
"title": "MQTT buffer overflow on receive buffer",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-25T00:00:00.000Z",
"ID": "CVE-2020-10070",
"STATE": "PUBLIC",
"TITLE": "MQTT buffer overflow on receive buffer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "2.2.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment",
"refsource": "MISC",
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
},
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10070",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10070"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/0b39cbf3c01d7feec9d0dd7cc7e0e374b6113542",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/0b39cbf3c01d7feec9d0dd7cc7e0e374b6113542"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10070",
"datePublished": "2020-06-05T17:37:37.459802Z",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-09-16T23:06:22.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5184 (GCVE-0-2023-5184)
Vulnerability from cvelistv5
Published
2023-09-27 17:26
Modified
2025-06-18 14:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Two potential signed to unsigned conversion errors and buffer overflow vulnerabilities at the following locations in the Zephyr IPM drivers.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Version: * |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:08.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8x3p-q3r5-xh9g"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5184",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T14:08:07.737756Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T14:08:20.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "3.4",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;Two potential signed to unsigned conversion errors and buffer overflow vulnerabilities at the following locations in the Zephyr IPM drivers.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Two potential signed to unsigned conversion errors and buffer overflow vulnerabilities at the following locations in the Zephyr IPM drivers."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-195",
"description": "CWE-195 Signed to Unsigned Conversion Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T03:06:26.619Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8x3p-q3r5-xh9g"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential signed to unsigned conversion errors and buffer overflow vulnerabilities in the Zephyr IPM driver",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2023-5184",
"datePublished": "2023-09-27T17:26:51.660Z",
"dateReserved": "2023-09-25T19:53:12.084Z",
"dateUpdated": "2025-06-18T14:08:20.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10064 (GCVE-0-2020-10064)
Vulnerability from cvelistv5
Published
2021-05-24 21:40
Modified
2024-09-16 21:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Improper Input Frame Validation in ieee802154 Processing. Zephyr versions >= v1.14.2, >= v2.2.0 contain Stack-based Buffer Overflow (CWE-121), Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v1.14.2 < unspecified Version: v2.2.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.856Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v1.14.2",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.2.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Frame Validation in ieee802154 Processing. Zephyr versions \u003e= v1.14.2, \u003e= v2.2.0 contain Stack-based Buffer Overflow (CWE-121), Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow (CWE-121)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T21:40:23",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7"
]
},
"title": "Improper Input Frame Validation in ieee802154 Processing",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-06-29T00:00:00.000Z",
"ID": "CVE-2020-10064",
"STATE": "PUBLIC",
"TITLE": "Improper Input Frame Validation in ieee802154 Processing"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v1.14.2"
},
{
"version_affected": "\u003e=",
"version_value": "v2.2.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Input Frame Validation in ieee802154 Processing. Zephyr versions \u003e= v1.14.2, \u003e= v2.2.0 contain Stack-based Buffer Overflow (CWE-121), Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 8.3,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 8.3,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow (CWE-121)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10064",
"datePublished": "2021-05-24T21:40:23.371097Z",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-09-16T21:03:04.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3330 (GCVE-0-2021-3330)
Vulnerability from cvelistv5
Published
2021-10-12 21:50
Modified
2024-09-17 01:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions >= >=2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: >=2.4.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "\u003e=2.4.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions \u003e= \u003e=2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T21:50:17",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456"
]
},
"title": "RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-04-20T00:00:00.000Z",
"ID": "CVE-2021-3330",
"STATE": "PUBLIC",
"TITLE": "RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "\u003e=2.4.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions \u003e= \u003e=2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 7.1,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 7.1,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write (CWE-787)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3330",
"datePublished": "2021-10-12T21:50:17.624934Z",
"dateReserved": "2021-01-27T00:00:00",
"dateUpdated": "2024-09-17T01:00:47.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3835 (GCVE-0-2021-3835)
Vulnerability from cvelistv5
Published
2022-02-07 22:00
Modified
2024-09-17 00:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow ()
Summary
Buffer overflow in usb device class. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: v2.6.0 < unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.6.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in usb device class. Zephyr versions \u003e= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-07T22:00:12",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf"
]
},
"title": "Buffer overflow in usb device class",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-10-02T00:00:00.000Z",
"ID": "CVE-2021-3835",
"STATE": "PUBLIC",
"TITLE": "Buffer overflow in usb device class"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v2.6.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in usb device class. Zephyr versions \u003e= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 8.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 8.2,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3835",
"datePublished": "2022-02-07T22:00:12.211014Z",
"dateReserved": "2021-09-27T00:00:00",
"dateUpdated": "2024-09-17T00:15:57.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1841 (GCVE-0-2022-1841)
Vulnerability from cvelistv5
Published
2022-08-31 19:40
Modified
2024-09-16 22:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5c3j-p8cr-2pgh"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "v3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-31T19:40:08",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5c3j-p8cr-2pgh"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5c3j-p8cr-2pgh"
]
},
"title": "Out-of-bound write in tcp_flags",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2022-09-23T00:00:00.000Z",
"ID": "CVE-2022-1841",
"STATE": "PUBLIC",
"TITLE": "Out-of-bound write in tcp_flags"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "v3.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "Network",
"availabilityImpact": "LOW",
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write (CWE-787)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5c3j-p8cr-2pgh",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5c3j-p8cr-2pgh"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5c3j-p8cr-2pgh"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2022-1841",
"datePublished": "2022-08-31T19:40:08.845879Z",
"dateReserved": "2022-05-24T00:00:00",
"dateUpdated": "2024-09-16T22:14:38.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-10-05 21:15
Modified
2024-11-21 06:22
Severity ?
9.6 (Critical) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E4583D9-DA5A-48C0-BDCE-39616F872F87",
"versionEndExcluding": "2.7.0",
"versionStartIncluding": "2.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions \u003e= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363"
},
{
"lang": "es",
"value": "Desbordamiento del b\u00fafer en Zephyr USB DFU DNLOAD. Zephyr versiones posteriores a v2.5.0 incluy\u00e9ndola, contienen un Desbordamiento de B\u00fafer en la regi\u00f3n Heap de la memoria (CWE-122). Para m\u00e1s informaci\u00f3n, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363"
}
],
"id": "CVE-2021-3625",
"lastModified": "2024-11-21T06:22:00.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-05T21:15:09.463",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-11 23:15
Modified
2024-11-21 04:54
Severity ?
8.1 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. This could be used by a malicious USB host to exploit the buffer overflow. See NCC-ZEP-002 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10019 | ||
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23190 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23457 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23460 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-25 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10019 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23190 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23457 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23460 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-25 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * | |
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "548B8018-2D83-4F2E-B78D-4E487773478B",
"versionEndExcluding": "1.14.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97F3CD96-C804-457B-8A4C-08147DEB7CC0",
"versionEndIncluding": "2.1.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. This could be used by a malicious USB host to exploit the buffer overflow. See NCC-ZEP-002 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions."
},
{
"lang": "es",
"value": "USB DFU presenta un potencial desbordamiento del b\u00fafer donde la longitud requerida (wLength) no es comparada con el tama\u00f1o del b\u00fafer. Esto podr\u00eda ser usado por un host USB malicioso para explotar el desbordamiento del b\u00fafer. Consulte NCC-ZEP-002. Este problema afecta a: zephyrproject-rtos zephyr versi\u00f3n 1.14.1 y versiones posteriores. Versi\u00f3n 2.1.0 y versiones posteriores."
}
],
"id": "CVE-2020-10019",
"lastModified": "2024-11-21T04:54:39.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 6.0,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-11T23:15:11.317",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10019"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23190"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23457"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23460"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23190"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-25"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-28 20:15
Modified
2024-11-21 06:21
Severity ?
4.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93322BD9-A3E5-4E59-9243-9F5774F75CF7",
"versionEndExcluding": "2.6.0",
"versionStartIncluding": "2.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Information leakage in le_ecred_conn_req(). Zephyr versions \u003e= v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh"
},
{
"lang": "es",
"value": "Un filtrado de informaci\u00f3n en la funci\u00f3n le_ecred_conn_req(). Zephyr versiones posteriores a v2.4.0 incluy\u00e9ndola, Uso de Recurso no Inicializado (CWE-908). Para m\u00e1s informaci\u00f3n, vea https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh"
}
],
"id": "CVE-2021-3435",
"lastModified": "2024-11-21T06:21:30.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-28T20:15:08.293",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Vendor Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-908"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-908"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-25 17:15
Modified
2024-11-21 04:54
Severity ?
3.8 (Low) - CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * | |
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04446C3A-F3CE-4015-99BB-40441B2FB274",
"versionEndIncluding": "1.14.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28C09876-67B1-49DF-835A-5AC7201CBE3D",
"versionEndIncluding": "2.2.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions \u003e= v1.14.2, \u003e= v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c"
},
{
"lang": "es",
"value": "Una falta de Comprobaciones de Tama\u00f1o en Bluetooth HCI sobre SPI.\u0026#xa0;Zephyr versiones posteriores a v1.14.2 incluy\u00e9ndola, versiones posteriores a v2.2.0 incluy\u00e9ndola, contienen un Manejo Inapropiado de la Inconsistencia del Par\u00e1metro Length (CWE-130).\u0026#xa0;Para mayor informaci\u00f3n, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c"
}
],
"id": "CVE-2020-10065",
"lastModified": "2024-11-21T04:54:44.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.4,
"impactScore": 3.4,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-25T17:15:07.577",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-130"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-11 23:15
Modified
2024-11-21 04:54
Severity ?
8.1 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10021 | ||
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23240 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23455 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23456 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-26 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10021 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23240 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23455 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23456 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-26 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * | |
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "371789A4-E53B-4E4D-B425-3D74BE61DC02",
"versionEndIncluding": "1.14.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0260A81C-55CB-40D0-BEE2-3ACCC1EB6DB4",
"versionEndExcluding": "2.2.0",
"versionStartIncluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions."
},
{
"lang": "es",
"value": "Una Escritura fuera de l\u00edmites en el Almacenamiento Masivo USB en el manejador memoryWrite con Tama\u00f1os no alineados. Consulte NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026. Este problema afecta a: zephyrproject-rtos zephyr versi\u00f3n 1.14.1 y versiones posteriores. Versi\u00f3n 2.1.0 y versiones posteriores."
}
],
"id": "CVE-2020-10021",
"lastModified": "2024-11-21T04:54:40.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 6.0,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-11T23:15:11.380",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10021"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23240"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23455"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23456"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23240"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-26"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-19 23:15
Modified
2024-11-21 06:21
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Truncated L2CAP K-frame causes assertion failure. Zephyr versions >= 2.4.0, >= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3 | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93322BD9-A3E5-4E59-9243-9F5774F75CF7",
"versionEndExcluding": "2.6.0",
"versionStartIncluding": "2.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Truncated L2CAP K-frame causes assertion failure. Zephyr versions \u003e= 2.4.0, \u003e= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3"
},
{
"lang": "es",
"value": "La trama K de L2CAP truncada causa un fallo de aserci\u00f3n. Zephyr versiones posteriores a 2.4.0 incluy\u00e9ndola, versiones posteriores a v.2.50 incluy\u00e9ndola, contienen un Manejo Inapropiado de Inconsistencias de Longitud de Par\u00e1metros (CWE-130), Aserci\u00f3n Alcanzable (CWE-617). Para m\u00e1s informaci\u00f3n, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3"
}
],
"id": "CVE-2021-3454",
"lastModified": "2024-11-21T06:21:34.587",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-19T23:15:07.517",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-130"
},
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-617"
},
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-25 08:15
Modified
2025-02-28 01:42
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Summary
A lack of input validation allows for out of bounds reads caused by malicious or malformed packets.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-x975-8pgf-qh66 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE223D7A-B211-4093-BEE6-ADC5999041FE",
"versionEndIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A lack of input validation allows for out of bounds reads caused by malicious or malformed packets."
},
{
"lang": "es",
"value": " La falta de validaci\u00f3n de entrada permite lecturas fuera de los l\u00edmites causadas por paquetes maliciosos o malformados."
}
],
"id": "CVE-2025-1674",
"lastModified": "2025-02-28T01:42:14.500",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-02-25T08:15:29.887",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-x975-8pgf-qh66"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-13 19:15
Modified
2024-09-19 01:44
Severity ?
8.2 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
BT: Encryption procedure host vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C71E782-50A1-4727-B9FC-B20D7BF73A89",
"versionEndExcluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BT: Encryption procedure host vulnerability"
},
{
"lang": "es",
"value": "BT: Vulnerabilidad del host del procedimiento de cifrado"
}
],
"id": "CVE-2024-5754",
"lastModified": "2024-09-19T01:44:29.550",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-13T19:15:17.597",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gvv5-66hw-5qrc"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-12 23:15
Modified
2024-11-21 08:34
Severity ?
6.4 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Potential buffer overflow vulnerabilities in the following locations:
https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359
https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis... https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis.c#L841
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html | Exploit, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | http://seclists.org/fulldisclosure/2023/Nov/1 | Mailing List, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | http://www.openwall.com/lists/oss-security/2023/11/07/1 | Mailing List | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-4vgv-5r6q-r6xh | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2023/Nov/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/11/07/1 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-4vgv-5r6q-r6xh | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2D56E6F-F247-436A-B6F4-FA7263D4C5E2",
"versionEndIncluding": "3.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Potential buffer overflow vulnerabilities in the following locations:\n https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 \n https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis... https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis.c#L841 "
}
],
"id": "CVE-2023-4265",
"lastModified": "2024-11-21T08:34:45.377",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.5,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-12T23:15:08.567",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-4vgv-5r6q-r6xh"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-4vgv-5r6q-r6xh"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-26 07:15
Modified
2024-11-21 06:21
Severity ?
9.6 (Critical) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-117 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-117 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | 2.4.0 | |
| zephyrproject | zephyr | 2.4.0 | |
| zephyrproject | zephyr | 2.4.0 | |
| zephyrproject | zephyr | 2.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "BA268A40-88CF-4655-9B60-97C5C565F04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3F9BFD24-E6AF-476B-AE11-F28C734971E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "35CCD91E-311C-4D96-B4FD-590D84F1D4D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7E118B3F-40CA-474F-816C-15827DF29FA5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack"
}
],
"id": "CVE-2021-3329",
"lastModified": "2024-11-21T06:21:18.527",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-26T07:15:10.287",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-117"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-703"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-665"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-26 05:15
Modified
2024-11-21 06:39
Severity ?
8.2 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p449-9hv9-pj38 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p449-9hv9-pj38 | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6086ECF3-DABE-487B-AF77-B975BF029C90",
"versionEndIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning."
},
{
"lang": "es",
"value": "En Zephyr bluetooth mesh core stack, puede desencadenarse una vulnerabilidad de escritura fuera de l\u00edmites durante el aprovisionamiento."
}
],
"id": "CVE-2022-1041",
"lastModified": "2024-11-21T06:39:54.907",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 5.3,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-26T05:15:07.610",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p449-9hv9-pj38"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p449-9hv9-pj38"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-25 02:02
Modified
2025-04-03 20:15
Severity ?
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8rpp-6vxq-pqg3 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8rpp-6vxq-pqg3 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A09B3C2A-EED0-4916-A4AF-9007C498B058",
"versionEndIncluding": "3.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses."
},
{
"lang": "es",
"value": "Un controlador Bluetooth malicioso o defectuoso puede provocar sobrelecturas del b\u00fafer en la mayor\u00eda de las funciones que procesan respuestas de comandos HCI."
}
],
"id": "CVE-2023-0396",
"lastModified": "2025-04-03T20:15:20.587",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-01-25T02:02:06.200",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8rpp-6vxq-pqg3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8rpp-6vxq-pqg3"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-126"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-19 23:15
Modified
2024-11-21 06:21
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions >= 2.4.0, >= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93322BD9-A3E5-4E59-9243-9F5774F75CF7",
"versionEndExcluding": "2.6.0",
"versionStartIncluding": "2.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions \u003e= 2.4.0, \u003e= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp"
},
{
"lang": "es",
"value": "La desconexi\u00f3n del canal L2CAP justo despu\u00e9s de una petici\u00f3n de ATT no v\u00e1lida conlleva a una congelaci\u00f3n. Zephyr versiones posteriores a 2.4.0 incluy\u00e9ndola, versiones posteriores a 2.5.0 incluy\u00e9ndola, contienen un Uso de Memoria Previamente Liberada (CWE-416). Para m\u00e1s informaci\u00f3n, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp"
}
],
"id": "CVE-2021-3455",
"lastModified": "2024-11-21T06:21:34.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-19T23:15:07.587",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-25 02:01
Modified
2025-04-03 20:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w525-fm68-ppq3 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w525-fm68-ppq3 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A09B3C2A-EED0-4916-A4AF-9007C498B058",
"versionEndIncluding": "3.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer."
},
{
"lang": "es",
"value": "El manejo inconsistente de los casos de error en bluetooth hci puede provocar una condici\u00f3n doblemente libre de un b\u00fafer de red."
}
],
"id": "CVE-2022-3806",
"lastModified": "2025-04-03T20:15:17.550",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-01-25T02:01:19.820",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w525-fm68-ppq3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w525-fm68-ppq3"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-31 20:15
Modified
2024-11-21 06:41
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5c3j-p8cr-2pgh | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5c3j-p8cr-2pgh | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6086ECF3-DABE-487B-AF77-B975BF029C90",
"versionEndIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero."
},
{
"lang": "es",
"value": "En el archivo subsys/net/ip/tcp.c, la funci\u00f3n tcp_flags , cuando el par\u00e1metro entrante flags es ECN o CWR , el buf escribir\u00e1 fuera de l\u00edmites un byte cero"
}
],
"id": "CVE-2022-1841",
"lastModified": "2024-11-21T06:41:35.233",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-31T20:15:08.537",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5c3j-p8cr-2pgh"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5c3j-p8cr-2pgh"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-13 21:15
Modified
2024-09-19 01:33
Severity ?
7.6 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
BT: HCI: adv_ext_report Improper discarding in adv_ext_report
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p5j7-v26w-wmcp | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA5725B-1797-45C0-846C-FE2EC98D6440",
"versionEndIncluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BT: HCI: adv_ext_report Improper discarding in adv_ext_report"
},
{
"lang": "es",
"value": "BT: HCI: adv_ext_report Descarte incorrecto en adv_ext_report"
}
],
"id": "CVE-2024-6259",
"lastModified": "2024-09-19T01:33:36.477",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-13T21:15:10.830",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p5j7-v26w-wmcp"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-27 18:15
Modified
2025-02-13 18:15
Severity ?
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
Two potential signed to unsigned conversion errors and buffer overflow vulnerabilities at the following locations in the Zephyr IPM drivers.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html | Exploit, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | http://seclists.org/fulldisclosure/2023/Nov/1 | Mailing List, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | http://www.openwall.com/lists/oss-security/2023/11/07/1 | Mailing List | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8x3p-q3r5-xh9g | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2023/Nov/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/11/07/1 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8x3p-q3r5-xh9g | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51CECB97-3A81-4A54-AA0A-DB2A1DE18CF2",
"versionEndIncluding": "3.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Two potential signed to unsigned conversion errors and buffer overflow vulnerabilities at the following locations in the Zephyr IPM drivers."
},
{
"lang": "es",
"value": "Dos posibles errores de conversi\u00f3n de firmados a no firmados y vulnerabilidades de desbordamiento del b\u00fafer en las siguientes ubicaciones en los controladores Zephyr IPM."
}
],
"id": "CVE-2023-5184",
"lastModified": "2025-02-13T18:15:55.643",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.1,
"impactScore": 5.3,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-27T18:15:11.997",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8x3p-q3r5-xh9g"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8x3p-q3r5-xh9g"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
},
{
"lang": "en",
"value": "CWE-195"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
},
{
"lang": "en",
"value": "CWE-681"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-11 23:15
Modified
2024-11-21 04:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10058 | ||
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23308 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23748 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-34 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10058 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23308 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23748 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-34 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | 2.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EF33DD80-0286-477C-88A4-FCEC0D80F520",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions."
},
{
"lang": "es",
"value": "M\u00faltiples llamadas al sistema en el subsistema Kscan llevan a cabo una comprobaci\u00f3n de argumento insuficiente, permitiendo una ejecuci\u00f3n de c\u00f3digo en el espacio de usuario para potencialmente alcanzar elevados privilegios. Consulte NCC-ZEP-006. Este problema afecta a: zephyrproject-rtos zephyr versi\u00f3n 2.1.0 y versiones posteriores."
}
],
"id": "CVE-2020-10058",
"lastModified": "2024-11-21T04:54:43.337",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.1,
"impactScore": 6.0,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-11T23:15:11.910",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10058"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23308"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23748"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-34"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-34"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-29 01:15
Modified
2024-11-21 03:12
Severity ?
Summary
Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html | Release Notes, Vendor Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/13260 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-17 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/13260 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-17 | Broken Link |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "824F6D6D-B539-4424-BC2E-D4532017038F",
"versionEndExcluding": "1.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all."
},
{
"lang": "es",
"value": "Usar la vulnerabilidad Despu\u00e9s de la liberaci\u00f3n en el shell de Zephyr permite que un usuario conectado en serie o telnet cause la denegaci\u00f3n de servicio, y posiblemente la ejecuci\u00f3n remota de c\u00f3digo. Este problema afecta a: las versiones del proyectil Zephyr anteriores a 1.14.0 en todas."
}
],
"id": "CVE-2017-14201",
"lastModified": "2024-11-21T03:12:20.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-29T01:15:10.647",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/13260"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Broken Link"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/13260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-17"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-11 23:15
Modified
2024-11-21 04:54
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Summary
The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059 | ||
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/24954 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/24997 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/24999 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/24954 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/24997 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/24999 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | 2.1.0 | |
| zephyrproject | zephyr | 2.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EF33DD80-0286-477C-88A4-FCEC0D80F520",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "677DD0A3-502D-45F1-9CC8-8DDB8F230DFC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions."
},
{
"lang": "es",
"value": "El m\u00f3dulo UpdateHub deshabilita la comprobaci\u00f3n del peer DTLS, lo que permite un ataque de tipo man in the middle. Esto es mitigado por im\u00e1genes de firmware que requieren firmas validas. Sin embargo, no existe ning\u00fan beneficio al usar DTLS sin la comprobaci\u00f3n del peer. Consulte NCC-ZEP-018. Este problema afecta a: zephyrproject-rtos zephyr versi\u00f3n 2.1.0 y versiones posteriores."
}
],
"id": "CVE-2020-10059",
"lastModified": "2024-11-21T04:54:43.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-11T23:15:11.973",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24954"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24997"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24999"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24954"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24997"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-10 16:15
Modified
2024-11-21 07:40
Severity ?
5.9 (Medium) - CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2D56E6F-F247-436A-B6F4-FA7263D4C5E2",
"versionEndIncluding": "3.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer."
}
],
"id": "CVE-2023-1902",
"lastModified": "2024-11-21T07:40:06.773",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 4.7,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-10T16:15:49.053",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx9g-8fr2-q899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx9g-8fr2-q899"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-672"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-28 20:15
Modified
2024-11-21 06:21
Severity ?
4.9 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions >= v2.5.0 Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F20F7320-1032-4FA2-B539-3D7EED5E091B",
"versionEndExcluding": "2.6.0",
"versionStartIncluding": "2.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions \u003e= v2.5.0 Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm"
},
{
"lang": "es",
"value": "Un desbordamiento del b\u00fafer en la regi\u00f3n Stack de la memoria en la funci\u00f3n le_ecred_conn_req(). Zephyr versiones posteriores a v2.5.0 incluy\u00e9ndola, Desbordamiento del b\u00fafer en la regi\u00f3n Stack de la memoria (CWE-121). Para m\u00e1s informaci\u00f3n, vea https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm"
}
],
"id": "CVE-2021-3434",
"lastModified": "2024-11-21T06:21:30.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 3.4,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-28T20:15:08.240",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Vendor Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-25 17:15
Modified
2024-11-21 05:01
Severity ?
4.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions >= 1.14.2, >= 2.2.0 contain Improper Input Validation (CWE-20), Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * | |
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04446C3A-F3CE-4015-99BB-40441B2FB274",
"versionEndIncluding": "1.14.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28C09876-67B1-49DF-835A-5AC7201CBE3D",
"versionEndIncluding": "2.2.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions \u003e= 1.14.2, \u003e= 2.2.0 contain Improper Input Validation (CWE-20), Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) (CWE-835). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh"
},
{
"lang": "es",
"value": "Una Denegaci\u00f3n de Servicio Remota en la funci\u00f3n do_write_op_tlv de LwM2M.\u0026#xa0;Zephyr versiones posteriores a 1.14.2 incluy\u00e9ndola, versiones posteriores a 2.2.0 incluy\u00e9ndola, contienen una Comprobaci\u00f3n Inapropiada de la Entrada (CWE-20), Bucle con una Condici\u00f3n de Salida Inalcanzable (\"Infinite Loop\") (CWE-835).\u0026#xa0;Para mayor informaci\u00f3n, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh"
}
],
"id": "CVE-2020-13602",
"lastModified": "2024-11-21T05:01:35.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-25T17:15:07.893",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-28 20:15
Modified
2024-11-21 06:21
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81590350-7984-4CD8-A010-7D8CBD3AB08F",
"versionEndExcluding": "2.6.0",
"versionStartIncluding": "1.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions \u003e= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr"
},
{
"lang": "es",
"value": "Una aserci\u00f3n alcanzable con la funci\u00f3n LL_CONNECTION_PARAM_REQ repetida. Zephyr versiones posteriores a v1.14 incluy\u00e9ndola, contienen una Aserci\u00f3n Alcanzable (CWE-617). Para m\u00e1s informaci\u00f3n, vea https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr"
}
],
"id": "CVE-2021-3430",
"lastModified": "2024-11-21T06:21:29.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-28T20:15:08.020",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-25 17:15
Modified
2024-11-21 05:01
Severity ?
9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Possible read out of bounds in dns read. Zephyr versions >= 1.14.2, >= 2.3.0 contain Out-of-bounds Read (CWE-125). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * | |
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04446C3A-F3CE-4015-99BB-40441B2FB274",
"versionEndIncluding": "1.14.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3C2CE7E-FE81-48E0-B7BB-6C089224F772",
"versionEndIncluding": "2.3.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Possible read out of bounds in dns read. Zephyr versions \u003e= 1.14.2, \u003e= 2.3.0 contain Out-of-bounds Read (CWE-125). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44"
},
{
"lang": "es",
"value": "Una posible Lectura Fuera de L\u00edmites en una lectura de dns.\u0026#xa0;Zephyr versiones posteriores a 1.14.2 incluy\u00e9ndola, versiones posteriores a 2.3.0 incluy\u00e9ndola, contienen una Lectura Fuera de L\u00edmites (CWE-125).\u0026#xa0;Para mayor informaci\u00f3n, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44"
}
],
"id": "CVE-2020-13601",
"lastModified": "2024-11-21T05:01:35.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-25T17:15:07.857",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-25 17:15
Modified
2024-11-21 04:54
Severity ?
5.9 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
Improper Handling of Insufficient Permissions or Privileges in zephyr. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Insufficient Permissions or Privileges (CWE-280). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * | |
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04446C3A-F3CE-4015-99BB-40441B2FB274",
"versionEndIncluding": "1.14.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28C09876-67B1-49DF-835A-5AC7201CBE3D",
"versionEndIncluding": "2.2.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Handling of Insufficient Permissions or Privileges in zephyr. Zephyr versions \u003e= v1.14.2, \u003e= v2.2.0 contain Improper Handling of Insufficient Permissions or Privileges (CWE-280). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc"
},
{
"lang": "es",
"value": "Un manejo Inapropiado de Permisos o Privilegios Insuficientes en zephyr.\u0026#xa0;Zephyr versiones posteriores a v1.14.2 incluy\u00e9ndola, versiones posteriores a v2.2.0 incluy\u00e9ndola contienen un Manejo Inapropiado de Permisos o Privilegios insuficientes (CWE-280).\u0026#xa0;Para mayor informaci\u00f3n, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc"
}
],
"id": "CVE-2020-10072",
"lastModified": "2024-11-21T04:54:44.987",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 3.4,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-25T17:15:07.687",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-280"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-25 17:15
Modified
2024-11-21 05:01
Severity ?
6.9 (Medium) - CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Integer Overflow in memory allocating functions. Zephyr versions >= 1.14.2, >= 2.4.0 contain Integer Overflow or Wraparound (CWE-190). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * | |
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04446C3A-F3CE-4015-99BB-40441B2FB274",
"versionEndIncluding": "1.14.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28C09876-67B1-49DF-835A-5AC7201CBE3D",
"versionEndIncluding": "2.2.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer Overflow in memory allocating functions. Zephyr versions \u003e= 1.14.2, \u003e= 2.4.0 contain Integer Overflow or Wraparound (CWE-190). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45"
},
{
"lang": "es",
"value": "Un Desbordamiento de Enteros en funciones de asignaci\u00f3n de memoria.\u0026#xa0;Zephyr versiones posteriores a 1.14.2 incluy\u00e9ndola, versiones posteriores a 2.4.0 incluy\u00e9ndola, contienen un Desbordamiento de Enteros o Wraparound (CWE-190).\u0026#xa0;Para mayor informaci\u00f3n, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45"
}
],
"id": "CVE-2020-13603",
"lastModified": "2024-11-21T05:01:35.937",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.3,
"impactScore": 6.0,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-25T17:15:07.937",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-11 04:15
Modified
2024-11-21 06:38
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wrj2-9vj9-rrcp | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wrj2-9vj9-rrcp | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72E7E8-9666-4069-B44B-38CB31636316",
"versionEndExcluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily."
},
{
"lang": "es",
"value": "No se comprueba si la ranura 0 se est\u00e1 cargando desde el dispositivo al host. Cuando se utilizan im\u00e1genes cifradas, esto significa que el firmware no cifrado se puede recuperar f\u00e1cilmente."
}
],
"id": "CVE-2022-0553",
"lastModified": "2024-11-21T06:38:54.090",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-11T04:15:10.070",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wrj2-9vj9-rrcp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wrj2-9vj9-rrcp"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-28 20:15
Modified
2024-11-21 06:21
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions >= v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81590350-7984-4CD8-A010-7D8CBD3AB08F",
"versionEndExcluding": "2.6.0",
"versionStartIncluding": "1.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions \u003e= v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
},
{
"lang": "es",
"value": "Un intervalo no v\u00e1lido en la funci\u00f3n CONNECT_IND conlleva a una divisi\u00f3n por cero. Zephyr versiones posteriores a v1.14.0 incluy\u00e9ndola, Divisi\u00f3n por Cero (CWE-369). Para m\u00e1s informaci\u00f3n, vea https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
}
],
"id": "CVE-2021-3432",
"lastModified": "2024-11-21T06:21:29.687",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-28T20:15:08.133",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Vendor Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-05 21:15
Modified
2024-11-21 06:21
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4 | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | 1.14.0 | |
| zephyrproject | zephyr | 1.14.0 | |
| zephyrproject | zephyr | 1.14.0 | |
| zephyrproject | zephyr | 1.14.0 | |
| zephyrproject | zephyr | 1.14.1 | |
| zephyrproject | zephyr | 1.14.1 | |
| zephyrproject | zephyr | 1.14.1 | |
| zephyrproject | zephyr | 1.14.1 | |
| zephyrproject | zephyr | 1.14.2 | |
| zephyrproject | zephyr | 1.14.3 | |
| zephyrproject | zephyr | 1.14.3 | |
| zephyrproject | zephyr | 2.5.0 | |
| zephyrproject | zephyr | 2.5.0 | |
| zephyrproject | zephyr | 2.5.0 | |
| zephyrproject | zephyr | 2.5.0 | |
| zephyrproject | zephyr | 2.5.0 | |
| zephyrproject | zephyr | 2.5.1 | |
| zephyrproject | zephyr | 2.6.0 | |
| zephyrproject | zephyr | 2.6.0 | |
| zephyrproject | zephyr | 2.6.0 | |
| zephyrproject | zephyr | 2.6.0 | |
| zephyrproject | zephyr | 2.6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:1.14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5335FA2C-9A79-40F6-826F-BAC18A67119B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:1.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DEBD3882-A442-4C05-B0D8-0CB3E0A40FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:1.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3ABA1766-06A8-4DBE-BAFC-FB80BFC7479F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:1.14.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2C688ACD-EB21-4EB8-BD18-346461AA00A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:1.14.1:-:*:*:*:*:*:*",
"matchCriteriaId": "81451111-93D1-472E-86F7-19B2EAF204F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:1.14.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0A323B6E-F8DF-46FC-A196-192BE2D02D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:1.14.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1E577E10-785B-4B61-A68F-11FDD90C3978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:1.14.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "BE6A58E9-5CB8-47B1-8EB4-2577820C534C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:1.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B74694FC-5442-4F7E-AACF-0E1753F50148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:1.14.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "59613BD2-C171-4C2C-A5D4-EEEC4824AED1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:1.14.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "01DC16EF-D7A0-4FB6-989A-18E0079C1CBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.5.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E3F6440A-9503-41ED-9BAB-CA0265C707B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "353849CD-BC4B-4ADB-96E9-5EAB93023E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "07DA9C8D-1B2C-4B8A-9D23-2626DAD906BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.5.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "88672A18-976F-469A-A570-D6815637C34E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.5.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "E68E950F-AB7E-4CC5-B0DF-6D9DEBE13A29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.5.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "487B9DEC-FA4B-4007-8C1C-82165ECE5F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "05609E26-61CD-494F-97D3-B0235B0CE539",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E42A2A00-1210-4BAB-A740-A27E54511521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4568B890-B0EB-4EBE-8DE6-95D346928C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "50DAD9FB-908B-4977-869E-8920EFF30DFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.6.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5E0931CF-F40A-4D7E-BC45-5DBD86C0CC99",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions \u003e= \u003e1.14.0, \u003e= \u003e2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4"
},
{
"lang": "es",
"value": "El decodificador JSON de Zephyr decodifica incorrectamente un array de array. Zephyr versiones anteriores y posteriores a 1.14.0 incluy\u00e9ndola, versiones anteriores y posteriores a 2.5.0 incluy\u00e9ndola, contienen Intento de Acceso a Child de un Puntero No Estructurado (CWE-588). Para m\u00e1s informaci\u00f3n, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4"
}
],
"id": "CVE-2021-3510",
"lastModified": "2024-11-21T06:21:43.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-05T21:15:09.353",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-588"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-11 23:15
Modified
2024-11-21 04:54
Severity ?
7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067 | ||
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23239 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23653 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23654 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-27 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23239 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23653 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23654 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-27 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | 1.14.1 | |
| zephyrproject | zephyr | 2.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64F3EAF-D161-42D2-80B4-5459C0AB45BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EF33DD80-0286-477C-88A4-FCEC0D80F520",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions."
},
{
"lang": "es",
"value": "Una aplicaci\u00f3n de espacio de usuario maliciosa puede causar un desbordamiento de enteros y omitir comprobaciones de seguridad llevadas a cabo por manejadores de llamadas del sistema. El impacto depender\u00eda de la llamada del sistema subyacente y puede variar desde una denegaci\u00f3n de servicio hasta el filtrado de informaci\u00f3n para una corrupci\u00f3n de memoria, resultando en una ejecuci\u00f3n de c\u00f3digo dentro del kernel. Consulte NCC-ZEP-005. Este problema afecta a: zephyrproject-rtos zephyr versi\u00f3n 1.14.1 y versiones posteriores. versi\u00f3n 2.1.0 y versiones posteriores."
}
],
"id": "CVE-2020-10067",
"lastModified": "2024-11-21T04:54:44.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-11T23:15:12.083",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23239"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23653"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23654"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-27"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-27"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-10 16:15
Modified
2024-11-21 07:37
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A missing nullptr-check in handle_ra_input can cause a nullptr-deref.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A09B3C2A-EED0-4916-A4AF-9007C498B058",
"versionEndIncluding": "3.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A missing nullptr-check in handle_ra_input can cause a nullptr-deref."
}
],
"id": "CVE-2023-0359",
"lastModified": "2024-11-21T07:37:02.623",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-10T16:15:48.653",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c7fq-vqm6-v5pf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c7fq-vqm6-v5pf"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-07 22:15
Modified
2024-11-21 06:22
Severity ?
8.2 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9A681D-63F7-4BBE-870A-53CF19670A84",
"versionEndIncluding": "2.7.1",
"versionStartIncluding": "2.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions \u003e= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj"
},
{
"lang": "es",
"value": "La clase de dispositivo USB RNDIS incluye una vulnerabilidad de desbordamiento de b\u00fafer. Las versiones de Zephyr versiones posteriores a v2.6.0 incluy\u00e9ndola, contienen un desbordamiento del b\u00fafer en la regi\u00f3n Heap de la memoria (CWE-122). Para m\u00e1s informaci\u00f3n, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj"
}
],
"id": "CVE-2021-3861",
"lastModified": "2024-11-21T06:22:40.737",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-07T22:15:08.423",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-21 18:15
Modified
2024-11-21 08:40
Severity ?
8.3 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Possible variant of CVE-2021-3434 in function le_ecred_reconf_req.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51CECB97-3A81-4A54-AA0A-DB2A1DE18CF2",
"versionEndIncluding": "3.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Possible variant of CVE-2021-3434 in function le_ecred_reconf_req."
},
{
"lang": "es",
"value": "Posible variante de CVE-2021-3434 en la funci\u00f3n le_ecred_reconf_req."
}
],
"id": "CVE-2023-5055",
"lastModified": "2024-11-21T08:40:59.133",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-21T18:15:09.023",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wr8r-7f8x-24jj"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wr8r-7f8x-24jj"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-05 18:15
Modified
2024-11-21 04:54
Severity ?
5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10068 | Vendor Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23091 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23707 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23708 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23964 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-78 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10068 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23091 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23707 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23708 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23964 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-78 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * | |
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "824F6D6D-B539-4424-BC2E-D4532017038F",
"versionEndExcluding": "1.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB1F7728-9799-4DBA-B334-D40EE108ACCE",
"versionEndExcluding": "2.2.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions."
},
{
"lang": "es",
"value": "En el subsistema Bluetooth de Zephyr project, determinados paquetes duplicados y consecutivos pueden causar un comportamiento incorrecto, resultando en una denegaci\u00f3n de servicio. Este problema afecta a: zephyrproject-rtos zephyr versi\u00f3n 2.2.0 y versiones posteriores, y versi\u00f3n 1.14.0 y versiones posteriores"
}
],
"id": "CVE-2020-10068",
"lastModified": "2024-11-21T04:54:44.533",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 3.6,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-05T18:15:12.887",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10068"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23091"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23707"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23708"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23964"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-78"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-78"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-30 21:15
Modified
2024-11-21 07:37
Severity ?
6.7 (Medium) - CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
7.7 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
7.7 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
Summary
At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A09B3C2A-EED0-4916-A4AF-9007C498B058",
"versionEndIncluding": "3.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device\u2019s memory layout, further exploitation is possible."
}
],
"id": "CVE-2023-0779",
"lastModified": "2024-11-21T07:37:48.327",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.5,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-30T21:15:08.987",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-9xj8-6989-r549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-9xj8-6989-r549"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-27 15:19
Modified
2025-02-13 17:17
Severity ?
6.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html | Third Party Advisory | |
| vulnerabilities@zephyrproject.org | http://seclists.org/fulldisclosure/2023/Nov/1 | Mailing List, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | http://www.openwall.com/lists/oss-security/2023/11/07/1 | Mailing List | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gj27-862r-55wh | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2023/Nov/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/11/07/1 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gj27-862r-55wh | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51CECB97-3A81-4A54-AA0A-DB2A1DE18CF2",
"versionEndIncluding": "3.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system."
},
{
"lang": "es",
"value": "Posible vulnerabilidad de desbordamiento del b\u00fafer uno por uno en el sistema de archivos del fusible Zephyr."
}
],
"id": "CVE-2023-4260",
"lastModified": "2025-02-13T17:17:17.123",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 3.7,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-27T15:19:40.037",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gj27-862r-55wh"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gj27-862r-55wh"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
},
{
"lang": "en",
"value": "CWE-193"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
},
{
"lang": "en",
"value": "CWE-193"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-13 22:15
Modified
2024-11-21 08:34
Severity ?
7.6 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html | Exploit, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | http://seclists.org/fulldisclosure/2023/Nov/1 | Mailing List, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | http://www.openwall.com/lists/oss-security/2023/11/07/1 | Mailing List | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-853q-q69w-gf5j | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2023/Nov/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/11/07/1 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-853q-q69w-gf5j | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51CECB97-3A81-4A54-AA0A-DB2A1DE18CF2",
"versionEndIncluding": "3.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows."
},
{
"lang": "es",
"value": "La longitud de entrada del usuario no marcada en /subsys/net/l2/wifi/wifi_shell.c puede provocar desbordamientos del b\u00fafer."
}
],
"id": "CVE-2023-4257",
"lastModified": "2024-11-21T08:34:44.553",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-13T22:15:10.453",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-853q-q69w-gf5j"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-853q-q69w-gf5j"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
},
{
"lang": "en",
"value": "CWE-131"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-131"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-25 17:15
Modified
2024-11-21 05:01
Severity ?
6.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions >= v1.14.2, >= v2.3.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * | |
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04446C3A-F3CE-4015-99BB-40441B2FB274",
"versionEndIncluding": "1.14.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3C2CE7E-FE81-48E0-B7BB-6C089224F772",
"versionEndIncluding": "2.3.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions \u003e= v1.14.2, \u003e= v2.3.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h"
},
{
"lang": "es",
"value": "FS: Desbordamiento del b\u00fafer al habilitar Nombres de Archivo Largos en FAT_FS y llamar a fs_stat.\u0026#xa0;Zephyr versiones posteriores a v1.14.2 incluy\u00e9ndola, versiones posteriores a v2.3.0 incluy\u00e9ndola, contienen un Desbordamiento del B\u00fafer en la regi\u00f3n Stack de la memoria (CWE-121).\u0026#xa0;Para mayor informaci\u00f3n, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h"
}
],
"id": "CVE-2020-13598",
"lastModified": "2024-11-21T05:01:35.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 3.7,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-25T17:15:07.740",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-12 22:15
Modified
2024-11-21 06:21
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= >=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1F24C66-0DD5-4759-9E12-AA3F180EE6ED",
"versionEndExcluding": "2.5.0",
"versionStartIncluding": "2.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions \u003e= \u003e=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc"
},
{
"lang": "es",
"value": "Un Desbordamiento de Enteros en la Descompresi\u00f3n del Encabezado IPHC de 6LoWPAN en Zephyr. Zephyr versiones posteriores a 2.4.0 incluy\u00e9ndola, contiene un desbordamiento de enteros (Wrap o Wraparound) (CWE-191). Para m\u00e1s informaci\u00f3n, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc"
}
],
"id": "CVE-2021-3323",
"lastModified": "2024-11-21T06:21:17.553",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.7,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-12T22:15:08.093",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-11 23:15
Modified
2024-11-21 04:54
Severity ?
6.9 (Medium) - CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10023 | ||
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23304 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23646 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23649 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-29 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10023 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23304 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23646 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23649 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-29 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | 1.14.1 | |
| zephyrproject | zephyr | 2.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64F3EAF-D161-42D2-80B4-5459C0AB45BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EF33DD80-0286-477C-88A4-FCEC0D80F520",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions."
},
{
"lang": "es",
"value": "El subsistema shell contiene un desbordamiento de b\u00fafer, por lo que un adversario con acceso f\u00edsico al dispositivo es capaz de causar una corrupci\u00f3n de la memoria, resultando en una denegaci\u00f3n de servicio o posiblemente en una ejecuci\u00f3n de c\u00f3digo dentro del kernel de Zephyr. Consulte NCC-NCC-019. Este problema afecta a: zephyrproject-rtos zephyr versi\u00f3n 1.14.0 y versiones posteriores. Versi\u00f3n 2.1.0 y versiones posteriores."
}
],
"id": "CVE-2020-10023",
"lastModified": "2024-11-21T04:54:40.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.3,
"impactScore": 6.0,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-11T23:15:11.520",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10023"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23304"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23646"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23649"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23304"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23649"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-29"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-12 22:15
Modified
2024-11-21 06:21
Severity ?
7.1 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions >= >=2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456 | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1F24C66-0DD5-4759-9E12-AA3F180EE6ED",
"versionEndExcluding": "2.5.0",
"versionStartIncluding": "2.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions \u003e= \u003e=2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456"
},
{
"lang": "es",
"value": "RCE/DOS: una corrupci\u00f3n de Listas Enlazadas conllevando a una gran escritura fuera de l\u00edmites mientras se ordena una lista de fragmentos falsa en Zephyr. Zephyr versiones posteriores a 2.4.0 incluy\u00e9ndola, contiene una escritura fuera de l\u00edmites (CWE-787). Para m\u00e1s informaci\u00f3n, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456"
}
],
"id": "CVE-2021-3330",
"lastModified": "2024-11-21T06:21:18.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-12T22:15:08.150",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-29 05:15
Modified
2025-01-23 19:21
Severity ?
6.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An malicious BLE device can crash BLE victim device by sending malformed gatt packet
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gmfv-4vfh-2mh8 | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gmfv-4vfh-2mh8 | Exploit, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA5725B-1797-45C0-846C-FE2EC98D6440",
"versionEndIncluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An malicious BLE device can crash BLE victim device by sending malformed gatt packet"
},
{
"lang": "es",
"value": "Un dispositivo BLE malicioso puede bloquear el dispositivo v\u00edctima de BLE al enviar un paquete gatt con formato incorrecto"
}
],
"id": "CVE-2024-3077",
"lastModified": "2025-01-23T19:21:44.207",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 4.7,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-29T05:15:46.410",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gmfv-4vfh-2mh8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gmfv-4vfh-2mh8"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-126"
},
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-03 17:15
Modified
2025-02-03 15:21
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A malicious BLE device can send a specific order of packet sequence to cause a DoS attack on the victim BLE device
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-jmr9-xw2v-5vf4 | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-jmr9-xw2v-5vf4 | Exploit, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA5725B-1797-45C0-846C-FE2EC98D6440",
"versionEndIncluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A malicious BLE device can send a specific order of packet sequence to cause a DoS attack on the victim BLE device"
},
{
"lang": "es",
"value": "Un dispositivo BLE malicioso puede enviar un orden espec\u00edfico de secuencia de paquetes para provocar un ataque DoS en el dispositivo BLE v\u00edctima"
}
],
"id": "CVE-2024-3332",
"lastModified": "2025-02-03T15:21:34.200",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-03T17:15:04.470",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-jmr9-xw2v-5vf4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-jmr9-xw2v-5vf4"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-25 08:15
Modified
2025-03-03 16:51
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Summary
The function dns_copy_qname in dns_pack.c performs performs a memcpy operation with an untrusted field and does not check if the source buffer is large enough to contain the copied data.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-2m84-5hfw-m8v4 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:-:*:*:*:*:*:*",
"matchCriteriaId": "F7192B7F-6ED8-4F1B-A69C-BBEB647692C6",
"versionEndIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The function dns_copy_qname in dns_pack.c performs performs a memcpy operation with an untrusted field and does not check if the source buffer is large enough to contain the copied data."
},
{
"lang": "es",
"value": "La funci\u00f3n dns_copy_qname en dns_pack.c realiza una operaci\u00f3n memcpy con un campo no confiable y no verifica si el b\u00fafer de origen es lo suficientemente grande para contener los datos copiados."
}
],
"id": "CVE-2025-1675",
"lastModified": "2025-03-03T16:51:56.620",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-02-25T08:15:30.020",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-2m84-5hfw-m8v4"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-29 01:15
Modified
2024-11-21 03:12
Severity ?
Summary
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html | Release Notes, Vendor Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/13048 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-18 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/13048 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-18 | Broken Link |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "824F6D6D-B539-4424-BC2E-D4532017038F",
"versionEndExcluding": "1.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all."
},
{
"lang": "es",
"value": "Una Restricci\u00f3n Inapropiada de Operaciones dentro de los L\u00edmites de una vulnerabilidad del B\u00fafer de la Memoria en el componente shell de Zephyr, permite a un usuario conectado serial o telnet causar un bloqueo, posiblemente con la ejecuci\u00f3n de c\u00f3digo arbitrario. Este problema afecta a: shell de Zephyr versiones anteriores a 1.14.0 sobre todo."
}
],
"id": "CVE-2017-14202",
"lastModified": "2024-11-21T03:12:21.093",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-29T01:15:10.740",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/13048"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Broken Link"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/13048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-18"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-05 18:15
Modified
2024-11-21 04:54
Severity ?
9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10062 | Vendor Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/11b7a37d9a0b438270421b224221d91929843de4 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment | Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-84 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10062 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/11b7a37d9a0b438270421b224221d91929843de4 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-84 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A50EF02E-4F26-4016-9D73-FF596F7EA61B",
"versionEndIncluding": "2.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions."
},
{
"lang": "es",
"value": "Un error por un paso (off-by-one) en el decodificador de longitud de paquetes MQTT del proyecto Zephyr puede resultar en una corrupci\u00f3n de la memoria y una potencial ejecuci\u00f3n de c\u00f3digo remota. NCC-ZEP-031 Este problema afecta a: zephyrproject-rtos zephyr versi\u00f3n 2.2.0 y versiones posteriores"
}
],
"id": "CVE-2020-10062",
"lastModified": "2024-11-21T04:54:43.857",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-05T18:15:12.573",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10062"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/11b7a37d9a0b438270421b224221d91929843de4"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-84"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/11b7a37d9a0b438270421b224221d91929843de4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-84"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-193"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-193"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-05 21:15
Modified
2024-11-21 06:21
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions >= > v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364 | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1F24C66-0DD5-4759-9E12-AA3F180EE6ED",
"versionEndExcluding": "2.5.0",
"versionStartIncluding": "2.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions \u003e= \u003e v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364"
},
{
"lang": "es",
"value": "DOS: Comprobaci\u00f3n Incorrecta de Tramas 802154 para Direcciones de Origen/Destino Omitidas. Zephyr versiones anteriores y posteriores a v2.4.0 incluy\u00e9ndola, contienen una Desreferencia de Puntero NULL (CWE-476), Intento de Acceso a Child de un Puntero No Estructurado (CWE-588). Para m\u00e1s informaci\u00f3n, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364"
}
],
"id": "CVE-2021-3319",
"lastModified": "2024-11-21T06:21:16.957",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.2,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-05T21:15:09.217",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
},
{
"lang": "en",
"value": "CWE-588"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-26 00:15
Modified
2024-11-21 08:34
Severity ?
7.1 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html | Third Party Advisory | |
| vulnerabilities@zephyrproject.org | http://seclists.org/fulldisclosure/2023/Nov/1 | Mailing List, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | http://www.openwall.com/lists/oss-security/2023/11/07/1 | Mailing List | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gghm-c696-f4j4 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2023/Nov/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/11/07/1 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gghm-c696-f4j4 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51CECB97-3A81-4A54-AA0A-DB2A1DE18CF2",
"versionEndIncluding": "3.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code."
},
{
"lang": "es",
"value": "Dos posibles vulnerabilidades de desbordamiento del b\u00fafer en las siguientes ubicaciones en el c\u00f3digo fuente del controlador Zephyr eS-WiFi."
}
],
"id": "CVE-2023-4259",
"lastModified": "2024-11-21T08:34:44.833",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-26T00:15:11.397",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gghm-c696-f4j4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gghm-c696-f4j4"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
},
{
"lang": "en",
"value": "CWE-193"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-13 20:15
Modified
2024-09-19 01:35
Severity ?
6.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
BT: Unchecked user input in bap_broadcast_assistant
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-r8h3-64gp-wv7f | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA5725B-1797-45C0-846C-FE2EC98D6440",
"versionEndIncluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BT: Unchecked user input in bap_broadcast_assistant"
},
{
"lang": "es",
"value": "BT: Entrada de usuario no verificada en bap_broadcast_assistant"
}
],
"id": "CVE-2024-5931",
"lastModified": "2024-09-19T01:35:17.767",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-13T20:15:03.037",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-r8h3-64gp-wv7f"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-18 08:15
Modified
2025-01-23 16:49
Severity ?
8.0 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Signed to unsigned conversion esp32_ipm_send
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-32f5-3p9h-2rqc | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-32f5-3p9h-2rqc | Exploit, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * | |
| zephyrproject | zephyr | 3.5.0 | |
| zephyrproject | zephyr | 3.5.0 | |
| zephyrproject | zephyr | 3.5.0 | |
| zephyrproject | zephyr | 3.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77568556-7FD0-4579-9F07-9ECE4E6CCFFE",
"versionEndExcluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:3.5.0:-:*:*:*:*:*:*",
"matchCriteriaId": "41EBBDE9-8B0F-4538-8676-FFD53783853F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:3.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "98715CBC-462C-46A7-BE10-2E00E88F73EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:3.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "61DC26BC-0117-4DA1-9152-023E53D8292B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:3.5.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "14F7101F-A590-41FE-A8AA-3B7F52291349",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Signed to unsigned conversion esp32_ipm_send"
},
{
"lang": "es",
"value": "Conversi\u00f3n firmada a no firmada esp32_ipm_send"
}
],
"id": "CVE-2023-6249",
"lastModified": "2025-01-23T16:49:26.293",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.5,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-18T08:15:07.223",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-32f5-3p9h-2rqc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-32f5-3p9h-2rqc"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-704"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-704"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-10 16:15
Modified
2024-11-21 07:58
Severity ?
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2D56E6F-F247-436A-B6F4-FA7263D4C5E2",
"versionEndIncluding": "3.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host."
}
],
"id": "CVE-2023-2234",
"lastModified": "2024-11-21T07:58:12.487",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-10T16:15:51.060",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Not Applicable"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx9g-8fr2-q899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx9g-8fr2-q899"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-843"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-843"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-21 07:15
Modified
2024-11-21 08:35
Severity ?
8.3 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51CECB97-3A81-4A54-AA0A-DB2A1DE18CF2",
"versionEndIncluding": "3.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device."
},
{
"lang": "es",
"value": "Un dispositivo BLE malicioso puede provocar un desbordamiento del b\u00fafer al enviar un paquete publicitario con formato incorrecto al dispositivo BLE utilizando Zephyr OS, lo que provoca DoS o un posible RCE en el dispositivo BLE v\u00edctima."
}
],
"id": "CVE-2023-4424",
"lastModified": "2024-11-21T08:35:07.337",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-21T07:15:10.557",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j4qm-xgpf-qjw3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j4qm-xgpf-qjw3"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-13 00:15
Modified
2024-11-21 08:42
Severity ?
7.1 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51CECB97-3A81-4A54-AA0A-DB2A1DE18CF2",
"versionEndIncluding": "3.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception."
},
{
"lang": "es",
"value": "El backend del controlador CAN SJA1000 intenta recuperarse autom\u00e1ticamente de un evento de apagado del bus cuando se construye con CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. Esto da como resultado una llamada a k_sleep() en el contexto IRQ, lo que provoca una excepci\u00f3n fatal."
}
],
"id": "CVE-2023-5563",
"lastModified": "2024-11-21T08:42:01.450",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-13T00:15:13.247",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-98mc-rj7w-7rpv"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-98mc-rj7w-7rpv"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-703"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-25 17:15
Modified
2024-11-21 04:54
Severity ?
2.5 (Low) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
5.7 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.7 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Incorrect Error Handling in Bluetooth HCI core. Zephyr versions >= v1.14.2, >= v2.2.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * | |
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04446C3A-F3CE-4015-99BB-40441B2FB274",
"versionEndIncluding": "1.14.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28C09876-67B1-49DF-835A-5AC7201CBE3D",
"versionEndIncluding": "2.2.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Error Handling in Bluetooth HCI core. Zephyr versions \u003e= v1.14.2, \u003e= v2.2.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr"
},
{
"lang": "es",
"value": "Un Manejo Incorrecto de Errores en el core HCI de Bluetooth.\u0026#xa0;Zephyr versiones posteriores a v1.14.2 incluy\u00e9ndola, versiones posteriores a v2.2.0 incluy\u00e9ndola contienen una desreferencia de puntero NULL (CWE-476).\u0026#xa0;Para mayor informaci\u00f3n, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr"
}
],
"id": "CVE-2020-10066",
"lastModified": "2024-11-21T04:54:44.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 1.4,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-25T17:15:07.617",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-13 20:15
Modified
2024-09-19 01:33
Severity ?
7.6 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
BT: Classic: SDP OOB access in get_att_search_list
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-pm38-7g85-cf4f | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA5725B-1797-45C0-846C-FE2EC98D6440",
"versionEndIncluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BT: Classic: SDP OOB access in get_att_search_list"
},
{
"lang": "es",
"value": "BT: Cl\u00e1sico: acceso SDP OOB en get_att_search_list"
}
],
"id": "CVE-2024-6137",
"lastModified": "2024-09-19T01:33:12.627",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-13T20:15:03.403",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-pm38-7g85-cf4f"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-121"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-28 20:15
Modified
2024-11-21 06:21
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F20F7320-1032-4FA2-B539-3D7EED5E091B",
"versionEndExcluding": "2.6.0",
"versionStartIncluding": "2.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions \u003e= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9"
},
{
"lang": "es",
"value": "Aserci\u00f3n alcanzable con la funci\u00f3n LL_FEATURE_REQ repetida. Zephyr versiones posteriores a v2.5.0 incluy\u00e9ndola, contienen una Aserci\u00f3n Alcanzable (CWE-617). Para m\u00e1s informaci\u00f3n, vea https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9"
}
],
"id": "CVE-2021-3431",
"lastModified": "2024-11-21T06:21:29.533",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-28T20:15:08.083",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Vendor Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-04 06:15
Modified
2024-11-13 16:04
Severity ?
6.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA5725B-1797-45C0-846C-FE2EC98D6440",
"versionEndIncluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow."
},
{
"lang": "es",
"value": "En ascs_cp_rsp_add en /subsys/bluetooth/audio/ascs.c, un tailroom no controlado podr\u00eda provocar un desbordamiento de b\u00fafer global."
}
],
"id": "CVE-2024-6442",
"lastModified": "2024-11-13T16:04:42.603",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-04T06:15:04.370",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-m22j-ccg7-4v4h"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-13 20:15
Modified
2024-09-19 01:34
Severity ?
7.6 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
BT:Classic: Multiple missing buf length checks
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xcr5-5g98-mchp | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA5725B-1797-45C0-846C-FE2EC98D6440",
"versionEndIncluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BT:Classic: Multiple missing buf length checks"
},
{
"lang": "es",
"value": "BT:Classic: Faltan varias comprobaciones de longitud de beneficio"
}
],
"id": "CVE-2024-6135",
"lastModified": "2024-09-19T01:34:49.397",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-13T20:15:03.220",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xcr5-5g98-mchp"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-13 19:15
Modified
2024-09-19 01:40
Severity ?
6.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
BT: Missing length checks of net_buf in rfcomm_handle_data
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7833-fcpm-3ggm | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C71E782-50A1-4727-B9FC-B20D7BF73A89",
"versionEndExcluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BT: Missing length checks of net_buf in rfcomm_handle_data"
},
{
"lang": "es",
"value": "BT: Faltan comprobaciones de longitud de net_buf en rfcomm_handle_data"
}
],
"id": "CVE-2024-6258",
"lastModified": "2024-09-19T01:40:32.813",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 4.7,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-13T19:15:17.823",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7833-fcpm-3ggm"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-122"
},
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-11 23:15
Modified
2024-11-21 04:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024 | ||
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23323 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23498 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23535 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23323 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23498 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23535 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | 1.14.2 | |
| zephyrproject | zephyr | 2.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:1.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B74694FC-5442-4F7E-AACF-0E1753F50148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EF33DD80-0286-477C-88A4-FCEC0D80F520",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions."
},
{
"lang": "es",
"value": "El c\u00f3digo arm espec\u00edfico de la plataforma utiliza una comparaci\u00f3n de enteros con signo cuando se comprueban los n\u00fameros de llamada del sistema. Un atacante que ha obtenido una ejecuci\u00f3n de c\u00f3digo dentro de un subproceso (hilo) de usuario es capaz de elevar los privilegios a los del kernel. Consulte NCC-ZEP-001. Este problema afecta a: zephyrproject-rtos zephyr versi\u00f3n 1.14.0 y versiones posteriores. Versi\u00f3n 2.1.0 y versiones posteriores."
}
],
"id": "CVE-2020-10024",
"lastModified": "2024-11-21T04:54:40.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.1,
"impactScore": 6.0,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-11T23:15:11.583",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23323"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23498"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23535"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23498"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23535"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-697"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-697"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-04 02:15
Modified
2025-08-18 15:42
Severity ?
Summary
In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09915215; Issue ID: MSV-3801.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@mediatek.com | https://corp.mediatek.com/product-security-bulletin/August-2025 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 4.0 | |
| rdkcentral | rdk-b | 2024q1 | |
| android | 13.0 | ||
| android | 14.0 | ||
| android | 15.0 | ||
| openwrt | openwrt | 21.02.0 | |
| openwrt | openwrt | 23.05 | |
| zephyrproject | zephyr | 3.7.0 | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6813 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6878 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6897 | - | |
| mediatek | mt6899 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6989 | - | |
| mediatek | mt6990 | - | |
| mediatek | mt6991 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8196 | - | |
| mediatek | mt8370 | - | |
| mediatek | mt8390 | - | |
| mediatek | mt8676 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rdkcentral:rdk-b:2024q1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB397DA1-62B3-48FD-B694-9FDA4DA25EDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8538774C-906D-4B03-A3E7-FA7A55E0DA9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F0133207-2EED-4625-854F-8DB7770D5BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openwrt:openwrt:23.05:*:*:*:*:*:*:*",
"matchCriteriaId": "AED95D06-8EC6-4070-BE3C-E0F851D7FFC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:3.7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "8FA9F6FC-E722-428B-BB01-E9082DBF9A32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6813:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66F9EAE4-F1D7-46DB-AA2A-0290F6EF0501",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*",
"matchCriteriaId": "855A8046-34ED-4891-ACE5-76AB10AC8D53",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6899:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E9F80F-9AC9-41E0-BB14-9DB6F14B62CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7DE6B2-66D9-4A3E-B15F-D56505559255",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6991:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBBB30DF-E963-4940-B742-F6801F68C3FC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8196:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB0C4D80-28BC-4C4D-B522-AD9EC5222A2E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA2B6BB9-7544-41A7-BF3A-344AA4CC4B31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B774B7D7-B7DD-43A0-833F-7E39DF82CA60",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE302F6F-170E-4350-A8F4-65BE0C50CB78",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09915215; Issue ID: MSV-3801."
},
{
"lang": "es",
"value": "En DA, existe una posible escritura fuera de los l\u00edmites debido a la falta de una comprobaci\u00f3n de los l\u00edmites. Esto podr\u00eda provocar una escalada local de privilegios si un atacante tiene acceso f\u00edsico al dispositivo, sin necesidad de privilegios de ejecuci\u00f3n adicionales. Se requiere la interacci\u00f3n del usuario para su explotaci\u00f3n. ID de parche: ALPS09915215; ID de problema: MSV-3801."
}
],
"id": "CVE-2025-20696",
"lastModified": "2025-08-18T15:42:28.783",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-08-04T02:15:25.940",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/August-2025"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "security@mediatek.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-16 00:15
Modified
2025-02-03 20:13
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-r7pm-f93f-f7fp | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "298E55B2-C792-4444-9663-C28901674D88",
"versionEndIncluding": "3.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c."
},
{
"lang": "es",
"value": "No hay una validaci\u00f3n adecuada de la longitud de la entrada del usuario en olcp_ind_handler en zephyr/subsys/bluetooth/services/ots/ots_client.c."
}
],
"id": "CVE-2024-8798",
"lastModified": "2025-02-03T20:13:18.163",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-12-16T00:15:05.913",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-r7pm-f93f-f7fp"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-09 20:15
Modified
2025-04-22 18:15
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3286-jgjx-8cvr | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3286-jgjx-8cvr | Mitigation, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7142ED-492C-44F4-88A4-2BB2E455C59A",
"versionEndIncluding": "3.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet."
},
{
"lang": "es",
"value": "Hay un error en la condici\u00f3n de la \u00faltima declaraci\u00f3n if en la funci\u00f3n smp_check_keys. Rechazaba las claves actuales si no se cumpl\u00edan todos los requisitos."
}
],
"id": "CVE-2022-2993",
"lastModified": "2025-04-22T18:15:49.893",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-09T20:15:10.177",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3286-jgjx-8cvr"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3286-jgjx-8cvr"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-670"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-25 18:17
Modified
2025-02-13 18:16
Severity ?
6.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html | Mailing List, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | http://seclists.org/fulldisclosure/2023/Nov/1 | Mailing List, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | http://www.openwall.com/lists/oss-security/2023/11/07/1 | Mailing List | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hmpr-px56-rvww | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2023/Nov/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/11/07/1 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hmpr-px56-rvww | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51CECB97-3A81-4A54-AA0A-DB2A1DE18CF2",
"versionEndIncluding": "3.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c"
},
{
"lang": "es",
"value": "Posibles desbordamientos del b\u00fafer en el subsistema Bluetooth debido a afirmaciones deshabilitadas en /subsys/bluetooth/host/hci_core.c"
}
],
"id": "CVE-2023-5753",
"lastModified": "2025-02-13T18:16:01.343",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:44.950",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hmpr-px56-rvww"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hmpr-px56-rvww"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
},
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-29 01:42
Modified
2025-01-23 17:36
Severity ?
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Possible buffer overflow in is_mount_point
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mh67-4h3q-p437 | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mh67-4h3q-p437 | Exploit, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEE5CEE1-7062-4E23-A3F2-D01DC14968AD",
"versionEndIncluding": "3.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Possible buffer overflow in is_mount_point"
},
{
"lang": "es",
"value": "Posible desbordamiento de b\u00fafer en is_mount_point"
}
],
"id": "CVE-2023-6881",
"lastModified": "2025-01-23T17:36:24.093",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 4.7,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-29T01:42:46.890",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mh67-4h3q-p437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mh67-4h3q-p437"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-05 18:15
Modified
2024-11-21 04:54
Severity ?
9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10070 | Vendor Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/0b39cbf3c01d7feec9d0dd7cc7e0e374b6113542 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment | Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10070 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/0b39cbf3c01d7feec9d0dd7cc7e0e374b6113542 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A50EF02E-4F26-4016-9D73-FF596F7EA61B",
"versionEndIncluding": "2.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions."
},
{
"lang": "es",
"value": "En el c\u00f3digo de Zephyr Project MQTT, la comprobaci\u00f3n incorrecta de los l\u00edmites puede resultar en corrupci\u00f3n de la memoria y potencialmente en una ejecuci\u00f3n de c\u00f3digo remota. NCC-ZEP-031 Este problema afecta a: zephyrproject-rtos zephyr versi\u00f3n 2.2.0 y versiones posteriores"
}
],
"id": "CVE-2020-10070",
"lastModified": "2024-11-21T04:54:44.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-05T18:15:12.997",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10070"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/0b39cbf3c01d7feec9d0dd7cc7e0e374b6113542"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/0b39cbf3c01d7feec9d0dd7cc7e0e374b6113542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
},
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-10 16:15
Modified
2024-11-21 07:40
Severity ?
5.9 (Medium) - CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2D56E6F-F247-436A-B6F4-FA7263D4C5E2",
"versionEndIncluding": "3.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.\n\n\n"
}
],
"id": "CVE-2023-1901",
"lastModified": "2024-11-21T07:40:06.653",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 4.7,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-10T16:15:49.003",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xvvm-8mcm-9cq3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xvvm-8mcm-9cq3"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-672"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-26 05:15
Modified
2024-11-21 08:41
Severity ?
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html | Exploit, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | http://seclists.org/fulldisclosure/2023/Nov/1 | Mailing List, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | http://www.openwall.com/lists/oss-security/2023/11/07/1 | Mailing List | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rhrc-pcxp-4453 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2023/Nov/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/11/07/1 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rhrc-pcxp-4453 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51CECB97-3A81-4A54-AA0A-DB2A1DE18CF2",
"versionEndIncluding": "3.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver"
},
{
"lang": "es",
"value": "Posible vulnerabilidad de desbordamiento del b\u00fafer en la siguiente ubicaci\u00f3n en el controlador Zephyr STM32 Crypto"
}
],
"id": "CVE-2023-5139",
"lastModified": "2024-11-21T08:41:08.487",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 2.5,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-26T05:15:26.217",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rhrc-pcxp-4453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rhrc-pcxp-4453"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-18 07:15
Modified
2025-01-22 17:12
Severity ?
8.0 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Unchecked length coming from user input in settings shell
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-757h-rw37-66hw | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-757h-rw37-66hw | Exploit, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEE5CEE1-7062-4E23-A3F2-D01DC14968AD",
"versionEndIncluding": "3.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unchecked length coming from user input in settings shell"
},
{
"lang": "es",
"value": "Longitud no marcada proveniente de la entrada del usuario en el shell de configuraci\u00f3n"
}
],
"id": "CVE-2023-6749",
"lastModified": "2025-01-22T17:12:49.580",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.5,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-18T07:15:10.047",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-757h-rw37-66hw"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-757h-rw37-66hw"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-18 08:15
Modified
2025-01-22 17:13
Severity ?
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
can: out of bounds in remove_rx_filter function
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7cmj-963q-jj47 | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7cmj-963q-jj47 | Exploit, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEE5CEE1-7062-4E23-A3F2-D01DC14968AD",
"versionEndIncluding": "3.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "can: out of bounds in remove_rx_filter function"
},
{
"lang": "es",
"value": "puede: fuera de los l\u00edmites en la funci\u00f3n remove_rx_filter"
}
],
"id": "CVE-2023-5779",
"lastModified": "2025-01-22T17:13:42.143",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 2.5,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-18T08:15:06.917",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7cmj-963q-jj47"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7cmj-963q-jj47"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-07 22:15
Modified
2024-11-21 06:22
Severity ?
8.2 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Buffer overflow in usb device class. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * | |
| zephyrproject | zephyr | 3.0.0 | |
| zephyrproject | zephyr | 3.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4101DF8-A911-4CC1-88DE-2849E124F2E3",
"versionEndExcluding": "2.7.1",
"versionStartIncluding": "2.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:3.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9319FBA9-6F49-47C2-A11A-4F1819533BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:3.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "55F9ED37-365C-481F-A90F-DE3AF55A44B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in usb device class. Zephyr versions \u003e= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf"
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en la clase de dispositivo usb. Zephyr versiones posteriores a v2.6.0 incluy\u00e9ndola, contienen un desbordamiento del b\u00fafer en la regi\u00f3n Heap de la memoria (CWE-122). Para m\u00e1s informaci\u00f3n, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf"
}
],
"id": "CVE-2021-3835",
"lastModified": "2024-11-21T06:22:34.583",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-07T22:15:08.360",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-12 22:15
Modified
2024-11-21 06:21
Severity ?
7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= >=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99 | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1F24C66-0DD5-4759-9E12-AA3F180EE6ED",
"versionEndExcluding": "2.5.0",
"versionStartIncluding": "2.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions \u003e= \u003e=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99"
},
{
"lang": "es",
"value": "Un desbordamiento de enteros en Zephyr en la Eliminaci\u00f3n del Encabezado de Reensamblaje de Fragmentos IEEE 802154. Zephyr versiones posteriores a 2.4.0 incluy\u00e9ndola, contienen Desbordamiento de Enteros a Desbordamiento de B\u00fafer (CWE-680). Para m\u00e1s informaci\u00f3n, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99"
}
],
"id": "CVE-2021-3321",
"lastModified": "2024-11-21T06:21:17.263",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.3,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-12T22:15:07.967",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-680"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-25 17:15
Modified
2024-11-21 04:54
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Parameters (CWE-233). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * | |
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04446C3A-F3CE-4015-99BB-40441B2FB274",
"versionEndIncluding": "1.14.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28C09876-67B1-49DF-835A-5AC7201CBE3D",
"versionEndIncluding": "2.2.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions \u003e= v1.14.2, \u003e= v2.2.0 contain Improper Handling of Parameters (CWE-233). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp"
},
{
"lang": "es",
"value": "Zephyr Bluetooth los datos de paquetes no comprobados, resultan en una denegaci\u00f3n de servicio.\u0026#xa0;Zephyr versiones posteriores a v1.14.2 incluy\u00e9ndola, versiones posteriores a v2.2.0 incluy\u00e9ndola contienen un manejo inapropiado de par\u00e1metros (CWE-233).\u0026#xa0;Para mayor informaci\u00f3n, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp"
}
],
"id": "CVE-2020-10069",
"lastModified": "2024-11-21T04:54:44.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-25T17:15:07.650",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-233"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-05 18:15
Modified
2024-11-21 04:54
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10063 | Vendor Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/24435 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/24530 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/24531 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/24535 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-55 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10063 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/24435 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/24530 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/24531 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/24535 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-55 | Permissions Required |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A50EF02E-4F26-4016-9D73-FF596F7EA61B",
"versionEndIncluding": "2.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions."
},
{
"lang": "es",
"value": "Un adversario remoto con la capacidad de enviar paquetes arbitrarios de CoAP para que sean analizados por Zephyr, puede causar una denegaci\u00f3n de servicio. Este problema afecta a: zephyrproject-rtos zephyr versi\u00f3n 2.2.0 y versiones posteriores"
}
],
"id": "CVE-2020-10063",
"lastModified": "2024-11-21T04:54:43.957",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.0,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-05T18:15:12.667",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10063"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24435"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24530"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24531"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24535"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Permissions Required"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-55"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10063"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24435"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24535"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-55"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-11 05:15
Modified
2024-11-21 06:23
Severity ?
9.6 (Critical) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72E7E8-9666-4069-B44B-38CB31636316",
"versionEndExcluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem."
},
{
"lang": "es",
"value": "La clase bluetooth del dispositivo USB incluye un desbordamiento de b\u00fafer relacionado con la implementaci\u00f3n de net_buf_add_mem."
}
],
"id": "CVE-2021-3966",
"lastModified": "2024-11-21T06:23:15.100",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-11T05:15:10.940",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hfxq-3w6x-fv2m"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hfxq-3w6x-fv2m"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-28 20:15
Modified
2024-11-21 06:21
Severity ?
4.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
Invalid channel map in CONNECT_IND results to Deadlock. Zephyr versions >= v2.5.0 Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F20F7320-1032-4FA2-B539-3D7EED5E091B",
"versionEndExcluding": "2.6.0",
"versionStartIncluding": "2.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Invalid channel map in CONNECT_IND results to Deadlock. Zephyr versions \u003e= v2.5.0 Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp"
},
{
"lang": "es",
"value": "Un mapa de canales no v\u00e1lido en la funci\u00f3n CONNECT_IND provoca un bloqueo. Zephyr versiones posteriores a v2.5.0 incluy\u00e9ndola, Comprobaci\u00f3n o Manejo Inapropiado de Condiciones Excepcionales (CWE-703). Para m\u00e1s informaci\u00f3n, vea https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp"
}
],
"id": "CVE-2021-3433",
"lastModified": "2024-11-21T06:21:29.833",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-28T20:15:08.187",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Vendor Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-703"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-27 15:19
Modified
2025-02-13 17:17
Severity ?
7.1 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
9.6 (Critical) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.6 (Critical) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html | Third Party Advisory | |
| vulnerabilities@zephyrproject.org | http://seclists.org/fulldisclosure/2023/Nov/1 | Mailing List, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | http://www.openwall.com/lists/oss-security/2023/11/07/1 | Mailing List | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rgx6-3w4j-gf5j | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2023/Nov/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/11/07/1 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rgx6-3w4j-gf5j | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51CECB97-3A81-4A54-AA0A-DB2A1DE18CF2",
"versionEndIncluding": "3.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem."
},
{
"lang": "es",
"value": "Posibles vulnerabilidades de desbordamiento del b\u00fafer en el subsistema Bluetooth Zephyr."
}
],
"id": "CVE-2023-4264",
"lastModified": "2025-02-13T17:17:17.327",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-27T15:19:40.230",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rgx6-3w4j-gf5j"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rgx6-3w4j-gf5j"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
},
{
"lang": "en",
"value": "CWE-121"
},
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-05 18:15
Modified
2024-11-21 04:54
Severity ?
8.1 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10061 | Vendor Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23091 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23516 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23517 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23547 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-75 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10061 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23091 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23516 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23517 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23547 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-75 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * | |
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "824F6D6D-B539-4424-BC2E-D4532017038F",
"versionEndExcluding": "1.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB1F7728-9799-4DBA-B334-D40EE108ACCE",
"versionEndExcluding": "2.2.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions."
},
{
"lang": "es",
"value": "El manejo inapropiado del caso full-buffer en la implementaci\u00f3n de Zephyr Bluetooth puede resultar en una corrupci\u00f3n en la memoria. Este problema afecta a: zephyrproject-rtos zephyr versi\u00f3n 2.2.0 y versiones posteriores, y versi\u00f3n 1.14.0 y versiones posteriores"
}
],
"id": "CVE-2020-10061",
"lastModified": "2024-11-21T04:54:43.690",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 6.0,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-05T18:15:12.463",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10061"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23091"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23516"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23517"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23547"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-75"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23516"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23547"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-75"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-25 17:15
Modified
2024-11-21 05:01
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Security problem with settings and littlefs. Zephyr versions >= 1.14.2, >= 2.3.0 contain Incorrect Default Permissions (CWE-276). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q | Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1199 | Not Applicable, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1199 | Not Applicable, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * | |
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04446C3A-F3CE-4015-99BB-40441B2FB274",
"versionEndIncluding": "1.14.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3C2CE7E-FE81-48E0-B7BB-6C089224F772",
"versionEndIncluding": "2.3.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Security problem with settings and littlefs. Zephyr versions \u003e= 1.14.2, \u003e= 2.3.0 contain Incorrect Default Permissions (CWE-276). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q"
},
{
"lang": "es",
"value": "Un problema de seguridad con la configuraci\u00f3n y littlefs.\u0026#xa0;Zephyr versiones posteriores a 1.14.2 incluy\u00e9ndola, versiones posteriores a 2.3.0 incluy\u00e9ndola, contienen Permisos Predeterminados Incorrectos (CWE-276).\u0026#xa0;Para mayor informaci\u00f3n, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q"
}
],
"id": "CVE-2020-13599",
"lastModified": "2024-11-21T05:01:35.410",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-25T17:15:07.777",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1199"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-25 22:15
Modified
2024-11-21 08:34
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-m34c-cp63-rwh7 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-m34c-cp63-rwh7 | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB1A6332-2B25-49AD-89C2-AD24B5BBAE82",
"versionEndExcluding": "3.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee.\n\n"
},
{
"lang": "es",
"value": "En la implementaci\u00f3n de Bluetooth mesh, si el \"provisionee\" tiene una clave p\u00fablica que se env\u00eda OOB, durante el aprovisionamiento se puede devolver y ser\u00e1 aceptada por el \"provisionee\"."
}
],
"id": "CVE-2023-4258",
"lastModified": "2024-11-21T08:34:44.693",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-25T22:15:11.137",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-m34c-cp63-rwh7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-m34c-cp63-rwh7"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-684"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-05 21:15
Modified
2024-11-21 06:21
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Summary
BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions >= 1.14.2, >= 2.4.0, >= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63 | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | 1.14.2 | |
| zephyrproject | zephyr | 2.4.0 | |
| zephyrproject | zephyr | 2.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:1.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B74694FC-5442-4F7E-AACF-0E1753F50148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "59AB4423-CBB9-4BC1-9FBB-2690DAA3FDF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CAA88796-7B3D-4328-BAFA-D28BFBE601D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions \u003e= 1.14.2, \u003e= 2.4.0, \u003e= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63"
},
{
"lang": "es",
"value": "BT: Posibilidad de sobrescribir un v\u00ednculo existente durante la fase de distribuci\u00f3n de claves cuando se conoce la direcci\u00f3n de identidad del v\u00ednculo. Zephyr versiones posteriores a 1.14.2 incluy\u00e9ndola, versiones posteriores a 2.4.0 incluy\u00e9ndola, versiones posteriores a 2.5.0 incluy\u00e9ndola, contienen Uso de M\u00faltiples Recursos con Identificador Duplicado (CWE-694). Para m\u00e1s informaci\u00f3n, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63"
}
],
"id": "CVE-2021-3436",
"lastModified": "2024-11-21T06:21:30.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-05T21:15:09.293",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-694"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-31 18:15
Modified
2024-11-21 07:01
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. The frame must have a CAN ID matching an installed filter in the vulnerable node (this can easily be guessed based on CAN traffic analyses). The frame must contain the opposite RTR bit as what the filter installed in the vulnerable node contains (if the filter matches RTR frames, the frame must be a data frame or vice versa).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx5v-j59q-c3j8 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx5v-j59q-c3j8 | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7142ED-492C-44F4-88A4-2BB2E455C59A",
"versionEndIncluding": "3.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. The frame must have a CAN ID matching an installed filter in the vulnerable node (this can easily be guessed based on CAN traffic analyses). The frame must contain the opposite RTR bit as what the filter installed in the vulnerable node contains (if the filter matches RTR frames, the frame must be a data frame or vice versa)."
},
{
"lang": "es",
"value": "La denegaci\u00f3n de servicio puede activarse transmitiendo un frame CAN cuidadosamente manipulada en la misma red CAN que el nodo vulnerable. El frame debe tener una ID CAN que coincida con un filtro instalado en el nodo vulnerable (esto se puede adivinar f\u00e1cilmente bas\u00e1ndose en los an\u00e1lisis de tr\u00e1fico CAN). El frame debe contener el bit RTR opuesto al que contiene el filtro instalado en el nodo vulnerable (si el filtro coincide con frame RTR, el frame debe ser un frame de datos o viceversa)."
}
],
"id": "CVE-2022-2741",
"lastModified": "2024-11-21T07:01:37.073",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-31T18:15:13.870",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx5v-j59q-c3j8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx5v-j59q-c3j8"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-13 21:15
Modified
2024-11-21 08:34
Severity ?
7.6 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html | Third Party Advisory | |
| vulnerabilities@zephyrproject.org | http://seclists.org/fulldisclosure/2023/Nov/1 | Mailing List, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | http://www.openwall.com/lists/oss-security/2023/11/07/1 | Mailing List | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rf6q-rhhp-pqhf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2023/Nov/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/11/07/1 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rf6q-rhhp-pqhf | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51CECB97-3A81-4A54-AA0A-DB2A1DE18CF2",
"versionEndIncluding": "3.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver"
},
{
"lang": "es",
"value": "Posible vulnerabilidad de desbordamiento del buffer en el controlador Zephyr IEEE 802.15.4 nRF 15.4"
}
],
"id": "CVE-2023-4263",
"lastModified": "2024-11-21T08:34:45.113",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-13T21:15:51.777",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rf6q-rhhp-pqhf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rf6q-rhhp-pqhf"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-05 18:15
Modified
2024-11-21 04:54
Severity ?
9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10071 | Vendor Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/989c4713ba429aa5105fe476b4d629718f3e6082 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment | Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-86 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10071 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/989c4713ba429aa5105fe476b4d629718f3e6082 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-86 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A50EF02E-4F26-4016-9D73-FF596F7EA61B",
"versionEndIncluding": "2.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions."
},
{
"lang": "es",
"value": "El c\u00f3digo de an\u00e1lisis de Zephyr MQTT realiza una comprobaci\u00f3n insuficiente del campo de longitud en los mensajes de publicaci\u00f3n, lo que permite un desbordamiento del b\u00fafer y potencialmente una ejecuci\u00f3n de c\u00f3digo remota. NCC-ZEP-031 Este problema afecta a: zephyrproject-rtos zephyr versi\u00f3n 2.2.0 y versiones posteriores"
}
],
"id": "CVE-2020-10071",
"lastModified": "2024-11-21T04:54:44.873",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-05T18:15:13.087",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10071"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/989c4713ba429aa5105fe476b4d629718f3e6082"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-86"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/989c4713ba429aa5105fe476b4d629718f3e6082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-86"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
},
{
"lang": "en",
"value": "CWE-129"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-19 06:15
Modified
2024-11-21 07:37
Severity ?
9.6 (Critical) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wc2h-h868-q7hj | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wc2h-h868-q7hj | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A09B3C2A-EED0-4916-A4AF-9007C498B058",
"versionEndIncluding": "3.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete."
},
{
"lang": "es",
"value": "Un controlador bluetooth malicioso o defectuoso puede provocar una denegaci\u00f3n de servicio debido a una entrada no marcada en le_read_buffer_size_complete."
}
],
"id": "CVE-2023-0397",
"lastModified": "2024-11-21T07:37:06.663",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-19T06:15:09.737",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wc2h-h868-q7hj"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wc2h-h868-q7hj"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-703"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-665"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-04 06:15
Modified
2024-11-12 19:29
Severity ?
6.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gg46-3rh2-v765 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA5725B-1797-45C0-846C-FE2EC98D6440",
"versionEndIncluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty."
},
{
"lang": "es",
"value": "En utf8_trunc en zephyr/lib/utils/utf8.c, last_byte_p puede apuntar a un byte antes del puntero de cadena si la cadena est\u00e1 vac\u00eda."
}
],
"id": "CVE-2024-6443",
"lastModified": "2024-11-12T19:29:43.793",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-04T06:15:05.160",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gg46-3rh2-v765"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-25 07:15
Modified
2025-02-28 01:51
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Summary
A malicious or malformed DNS packet without a payload can cause an out-of-bounds read, resulting in a crash (denial of service) or an incorrect computation.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-jjhx-rrh4-j8mx | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE223D7A-B211-4093-BEE6-ADC5999041FE",
"versionEndIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A malicious or malformed DNS packet without a payload can cause an out-of-bounds read, resulting in a crash (denial of service) or an incorrect computation."
},
{
"lang": "es",
"value": " Un paquete DNS malicioso o malformado sin un payload puede provocar una lectura fuera de los l\u00edmites, lo que resulta en un bloqueo (denegaci\u00f3n de servicio) o un c\u00e1lculo incorrecto."
}
],
"id": "CVE-2025-1673",
"lastModified": "2025-02-28T01:51:41.237",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-02-25T07:15:18.837",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-jjhx-rrh4-j8mx"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-11 23:15
Modified
2024-11-21 04:54
Severity ?
9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case. See NCC-NCC-016 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10022 | ||
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/24065 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/24066 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/24154 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-28 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10022 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/24065 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/24066 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/24154 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-28 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | 2.1.0 | |
| zephyrproject | zephyr | 2.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EF33DD80-0286-477C-88A4-FCEC0D80F520",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "677DD0A3-502D-45F1-9CC8-8DDB8F230DFC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case. See NCC-NCC-016 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions."
},
{
"lang": "es",
"value": "Una carga \u00fatil JSON malformada que es recibida desde un servidor UpdateHub puede desencadenar una corrupci\u00f3n de la memoria en el Sistema Operativo Zephyr. Esto podr\u00eda resultar en una denegaci\u00f3n de servicio en el mejor de los casos, o una ejecuci\u00f3n de c\u00f3digo en el peor de los casos. Consulte NCC-NCC-016. Este problema afecta a: zephyrproject-rtos zephyr versi\u00f3n 2.1.0 y versiones posteriores. Versi\u00f3n 2.2.0 y versiones posteriores."
}
],
"id": "CVE-2020-10022",
"lastModified": "2024-11-21T04:54:40.253",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-11T23:15:11.457",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10022"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24065"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24066"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24154"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-28"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-06 17:29
Modified
2024-11-21 03:40
Severity ?
Summary
zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(), sys_ring_buf_get() that can result in CPU Page Fault (error code 0x00000010). This attack appear to be exploitable via a malicious application call the vulnerable kernel APIs (system sys_ring_buf_get() and sys_ring_buf_put).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/zephyrproject-rtos/zephyr/issues/7638 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/issues/7638 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | 1.12.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:1.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "70080A48-41D2-4740-9B61-1795FC3949D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(), sys_ring_buf_get() that can result in CPU Page Fault (error code 0x00000010). This attack appear to be exploitable via a malicious application call the vulnerable kernel APIs (system sys_ring_buf_get() and sys_ring_buf_put)."
},
{
"lang": "es",
"value": "zephyr-rtos 1.12.0 contiene una vulnerabilidad de desreferencia de puntero NULL en sys_ring_buf_put() y sys_ring_buf_get() que puede resultar en un fallo de p\u00e1gina de CPU (c\u00f3digo de error 0x00000010). El ataque parece ser explotable si una aplicaci\u00f3n maliciosa llama a las API (sys_ring_buf_get() y sys_ring_buf_put del sistema) del kernel vulnerable."
}
],
"id": "CVE-2018-1000800",
"lastModified": "2024-11-21T03:40:22.867",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-06T17:29:02.097",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/issues/7638"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/issues/7638"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-12 22:15
Modified
2024-11-21 06:21
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions >= >=2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3 | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1F24C66-0DD5-4759-9E12-AA3F180EE6ED",
"versionEndExcluding": "2.5.0",
"versionStartIncluding": "2.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions \u003e= \u003e=2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3"
},
{
"lang": "es",
"value": "Un Aliasing de Punteros Inesperado en el Reensamblaje de Fragmentos IEEE 802154 en Zephyr. Zephyr versiones posteriores a 2.4.0 incluy\u00e9ndola, contiene una Desreferencia de Puntero NULL (CWE-476). Para m\u00e1s informaci\u00f3n, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3"
}
],
"id": "CVE-2021-3322",
"lastModified": "2024-11-21T06:21:17.407",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-12T22:15:08.033",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-12 17:29
Modified
2024-11-21 03:12
Severity ?
Summary
A buffer overflow has been found in the Zephyr Project's getaddrinfo() implementation in 1.9.0 and 1.10.0.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/6158 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-12 | Issue Tracking, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/6158 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-12 | Issue Tracking, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | 1.9.0 | |
| zephyrproject | zephyr | 1.10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2D313158-4E41-4829-8F2C-FEC375A2E0F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F233F223-9600-437F-803B-AD8A6616BDE3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow has been found in the Zephyr Project\u0027s getaddrinfo() implementation in 1.9.0 and 1.10.0."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo buffer overflow ha sido encontrada en la implementaci\u00f3n de getaddrinfo() de Zephyr Project, versiones 1.9.0 y 1.10.0."
}
],
"id": "CVE-2017-14199",
"lastModified": "2024-11-21T03:12:20.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-12T17:29:00.210",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/6158"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/6158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-12"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-15 23:15
Modified
2025-02-03 20:09
Severity ?
9.3 (Critical) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-jjf3-7x72-pqm9 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "298E55B2-C792-4444-9663-C28901674D88",
"versionEndIncluding": "3.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols."
},
{
"lang": "es",
"value": "Cuando la direcci\u00f3n relativa del puntero global (GP) est\u00e1 habilitada (CONFIG_RISCV_GP=y), el registro gp apunta a 0x800 bytes m\u00e1s all\u00e1 del inicio de la secci\u00f3n .sdata, que luego es utilizada por el enlazador para relajar los accesos a los s\u00edmbolos globales."
}
],
"id": "CVE-2024-11263",
"lastModified": "2025-02-03T20:09:54.800",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 6.0,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-11-15T23:15:10.557",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-jjf3-7x72-pqm9"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-270"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-26 05:15
Modified
2024-11-21 06:39
Severity ?
8.2 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j7v7-w73r-mm5x | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j7v7-w73r-mm5x | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6086ECF3-DABE-487B-AF77-B975BF029C90",
"versionEndIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning."
},
{
"lang": "es",
"value": "En Zephyr bluetooth mesh core stack, puede desencadenarse una vulnerabilidad de escritura fuera de l\u00edmites durante el aprovisionamiento."
}
],
"id": "CVE-2022-1042",
"lastModified": "2024-11-21T06:39:55.030",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 5.3,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-26T05:15:07.900",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j7v7-w73r-mm5x"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j7v7-w73r-mm5x"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-25 17:15
Modified
2024-11-21 05:01
Severity ?
7.0 (High) - CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
7.6 (High) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
7.6 (High) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr versions >= 1.14.2, >= 2.3.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * | |
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04446C3A-F3CE-4015-99BB-40441B2FB274",
"versionEndIncluding": "1.14.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3C2CE7E-FE81-48E0-B7BB-6C089224F772",
"versionEndIncluding": "2.3.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr versions \u003e= 1.14.2, \u003e= 2.3.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr"
},
{
"lang": "es",
"value": "Un SPI malformado en respuesta a eswifi puede corromper la memoria del kernel.\u0026#xa0;Zephyr versiones posteriores a 1.14.2 incluy\u00e9ndola, versiones posteriores a 2.3.0 incluy\u00e9ndola, contienen un Desbordamiento del B\u00fafer en la regi\u00f3n Heap de la memoria (CWE-122).\u0026#xa0;Para mayor informaci\u00f3n, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr"
}
],
"id": "CVE-2020-13600",
"lastModified": "2024-11-21T05:01:35.543",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.4,
"impactScore": 6.0,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-25T17:15:07.820",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-06 21:15
Modified
2024-11-21 08:17
Severity ?
7.6 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html | Third Party Advisory | |
| vulnerabilities@zephyrproject.org | http://seclists.org/fulldisclosure/2023/Nov/1 | Mailing List, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | http://www.openwall.com/lists/oss-security/2023/11/07/1 | Mailing List | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-2g3m-p6c7-8rr3 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2023/Nov/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/11/07/1 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-2g3m-p6c7-8rr3 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51CECB97-3A81-4A54-AA0A-DB2A1DE18CF2",
"versionEndIncluding": "3.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem"
},
{
"lang": "es",
"value": "Posible vulnerabilidad de desbordamiento del b\u00fafer en el subsistema Zephyr CAN bus"
}
],
"id": "CVE-2023-3725",
"lastModified": "2024-11-21T08:17:55.417",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-06T21:15:10.853",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-2g3m-p6c7-8rr3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-2g3m-p6c7-8rr3"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-25 17:15
Modified
2024-11-21 04:54
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Input Frame Validation in ieee802154 Processing. Zephyr versions >= v1.14.2, >= v2.2.0 contain Stack-based Buffer Overflow (CWE-121), Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * | |
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04446C3A-F3CE-4015-99BB-40441B2FB274",
"versionEndIncluding": "1.14.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28C09876-67B1-49DF-835A-5AC7201CBE3D",
"versionEndIncluding": "2.2.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Frame Validation in ieee802154 Processing. Zephyr versions \u003e= v1.14.2, \u003e= v2.2.0 contain Stack-based Buffer Overflow (CWE-121), Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7"
},
{
"lang": "es",
"value": "Una Comprobaci\u00f3n Inapropiada de la Trama de Entrada en el Procesamiento ieee802154.\u0026#xa0;Zephyr versiones posteriores a v1.14.2 incluy\u00e9ndola, versiones posteriores a v2.2.0 incluy\u00e9ndola, contienen un Desbordamiento de b\u00fafer en la regi\u00f3n Stack de la memoria (CWE-121), Desbordamiento de B\u00fafer en la regi\u00f3n Heap de la memoria (CWE-122).\u0026#xa0;Para mayor informaci\u00f3n, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7"
}
],
"id": "CVE-2020-10064",
"lastModified": "2024-11-21T04:54:44.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.7,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-25T17:15:07.520",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
},
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-11 23:15
Modified
2024-11-21 04:54
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
Summary
In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10060 | Vendor Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/27865 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/27889 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/27891 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/27893 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-37 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10060 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/27865 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/27889 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/27891 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/27893 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-37 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C2C38E4-CE91-4384-AD78-203DDCE58738",
"versionEndExcluding": "2.4.0",
"versionStartIncluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In updatehub_probe, right after JSON parsing is complete, objects\\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions."
},
{
"lang": "es",
"value": "En la funci\u00f3n updatehub_probe, justo despu\u00e9s que el an\u00e1lisis JSON es completado, objects\\[1] es accedido desde la estructura de salida en dos lugares diferentes. Si el JSON conten\u00eda menos de dos elementos, este acceso har\u00eda referencia a la memoria de la pila no inicializada. Esto podr\u00eda resultar en un bloqueo, una denegaci\u00f3n de servicio o posiblemente un filtrado de informaci\u00f3n. Siempre que la correcci\u00f3n en el CVE-2020-10059 sea aplicada, el ataque requiere un compromiso del servidor. Consulte NCC-ZEP-030. Este problema afecta a: zephyrproject-rtos zephyr versi\u00f3n 2.1.0 y versiones posteriores. versi\u00f3n 2.2.0 y versiones posteriores"
}
],
"id": "CVE-2020-10060",
"lastModified": "2024-11-21T04:54:43.567",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-11T23:15:12.020",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10060"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27865"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27889"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27891"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27893"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-37"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27865"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/27893"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-37"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-824"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-19 22:15
Modified
2025-01-17 16:26
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GATT_PERM_WRITE_LESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. If set, requires that LE Secure Connections is used for read/write access, however this is only true when it is combined with other permissions, namely BT_GATT_PERM_READ_ENCRYPT/BT_GATT_PERM_READ_AUTHEN (for read) or BT_GATT_PERM_WRITE_ENCRYPT/BT_GATT_PERM_WRITE_AUTHEN (for write), if these additional permissions are not set (even in secure connections only mode) then the stack does not perform any permission checks on these characteristics and they can be freely written/read.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEE5CEE1-7062-4E23-A3F2-D01DC14968AD",
"versionEndIncluding": "3.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GATT_PERM_WRITE_LESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. If set, requires that LE Secure Connections is used for read/write access, however this is only true when it is combined with other permissions, namely BT_GATT_PERM_READ_ENCRYPT/BT_GATT_PERM_READ_AUTHEN (for read) or BT_GATT_PERM_WRITE_ENCRYPT/BT_GATT_PERM_WRITE_AUTHEN (for write), if these additional permissions are not set (even in secure connections only mode) then the stack does not perform any permission checks on these characteristics and they can be freely written/read."
},
{
"lang": "es",
"value": "La documentaci\u00f3n especifica que BT_GATT_PERM_READ_LESC y BT_GATT_PERM_WRITE_LESC definen para una caracter\u00edstica de Bluetooth: Atributo permiso de lectura/escritura con cifrado LE Secure Connection. Si est\u00e1 configurado, requiere que se utilice LE Secure Connections para acceso de lectura/escritura; sin embargo, esto solo es cierto cuando se combina con otros permisos, a saber, BT_GATT_PERM_READ_ENCRYPT/BT_GATT_PERM_READ_AUTHEN (para lectura) o BT_GATT_PERM_WRITE_ENCRYPT/BT_GATT_PERM_WRITE_AUTHEN (para escritura), si estos permisos adicionales no est\u00e1n configurados (incluso en el modo de solo conexiones seguras), entonces la pila no realiza ninguna verificaci\u00f3n de permisos sobre estas caracter\u00edsticas y se pueden escribir/leer libremente."
}
],
"id": "CVE-2024-1638",
"lastModified": "2025-01-17T16:26:03.767",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-19T22:15:48.837",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p6f3-f63q-5mc2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p6f3-f63q-5mc2"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-04 07:15
Modified
2024-11-13 15:24
Severity ?
6.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA5725B-1797-45C0-846C-FE2EC98D6440",
"versionEndIncluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c."
},
{
"lang": "es",
"value": "No hay una validaci\u00f3n adecuada de la longitud de la entrada del usuario en olcp_ind_handler en zephyr/subsys/bluetooth/services/ots/ots_client.c."
}
],
"id": "CVE-2024-6444",
"lastModified": "2024-11-13T15:24:28.657",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-04T07:15:02.877",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-qj4r-chj6-h7qp"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-19 22:15
Modified
2025-02-03 20:33
Severity ?
7.6 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xcr5-5g98-mchp | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "628E3466-DA6C-4163-B11F-F1021F7822AF",
"versionEndExcluding": "3.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero"
},
{
"lang": "es",
"value": "BT: la comprobaci\u00f3n faltante en el paquete LL_CONNECTION_UPDATE_IND conduce a la divisi\u00f3n por cero"
}
],
"id": "CVE-2024-4785",
"lastModified": "2025-02-03T20:33:19.783",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-19T22:15:05.893",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xcr5-5g98-mchp"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-11 23:15
Modified
2024-11-21 04:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10028 | ||
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23308 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23733 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23737 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-32 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10028 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23308 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23733 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23737 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-32 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | 1.14.0 | |
| zephyrproject | zephyr | 2.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E0A5F2-0439-40B6-A986-6E19975678CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EF33DD80-0286-477C-88A4-FCEC0D80F520",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions."
},
{
"lang": "es",
"value": "M\u00faltiples llamadas al sistema con comprobaci\u00f3n de argumento insuficiente. Consulte NCC-ZEP-006. Este problema afecta a: zephyrproject-rtos zephyr versi\u00f3n 1.14.0 y versiones posteriores. Versi\u00f3n 2.1.0 y versiones posteriores."
}
],
"id": "CVE-2020-10028",
"lastModified": "2024-11-21T04:54:40.780",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.1,
"impactScore": 6.0,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-11T23:15:11.847",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10028"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23308"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23733"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23737"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-32"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-25 17:15
Modified
2024-11-21 06:21
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C50E5CB-CD68-41A5-9F8A-D0ECE450489E",
"versionEndIncluding": "2.4.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Type Confusion in 802154 ACK Frames Handling. Zephyr versions \u003e= v2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7"
},
{
"lang": "es",
"value": "Una Confusi\u00f3n de tipos en el manejo de tramas ACK 802154.\u0026#xa0;Las versiones de Zephyr superiores a v2.4.0 e incluy\u00e9ndolas, contienen un Desreferencia del Puntero NULL (CWE-476).\u0026#xa0;Para mayor informaci\u00f3n, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7"
}
],
"id": "CVE-2021-3320",
"lastModified": "2024-11-21T06:21:17.113",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-25T17:15:08.333",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-476"
},
{
"lang": "en",
"value": "CWE-843"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-05 21:15
Modified
2024-11-21 06:21
Severity ?
7.0 (High) - CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Buffer Access with Incorrect Length Value in zephyr. Zephyr versions >= >=2.5.0 contain Buffer Access with Incorrect Length Value (CWE-805). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F20F7320-1032-4FA2-B539-3D7EED5E091B",
"versionEndExcluding": "2.6.0",
"versionStartIncluding": "2.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Access with Incorrect Length Value in zephyr. Zephyr versions \u003e= \u003e=2.5.0 contain Buffer Access with Incorrect Length Value (CWE-805). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5"
},
{
"lang": "es",
"value": "Acceso al b\u00fafer con un valor de longitud incorrecto en zephyr. Zephyr versiones posteriores a 2.5.0 incluy\u00e9ndola, contienen Acceso al Buffer con Valor de Longitud Incorrecto (CWE-805). Para m\u00e1s informaci\u00f3n, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5"
}
],
"id": "CVE-2021-3581",
"lastModified": "2024-11-21T06:21:53.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.4,
"impactScore": 6.0,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-05T21:15:09.407",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-805"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-1284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-15 19:15
Modified
2025-03-27 15:15
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Zephyr OS IP packet handling does not properly drop IP packets arriving on an external interface with a source address equal to 127.0.01 or the destination address.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C71E782-50A1-4727-B9FC-B20D7BF73A89",
"versionEndExcluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zephyr OS IP packet handling does not properly drop IP packets arriving on an external interface with a source address equal to 127.0.01 or the destination address."
},
{
"lang": "es",
"value": "El manejo de paquetes IP de Zephyr OS no descarta adecuadamente los paquetes IP que llegan a una interfaz externa con una direcci\u00f3n de origen igual a 127.0.01 o la direcci\u00f3n de destino."
}
],
"id": "CVE-2023-7060",
"lastModified": "2025-03-27T15:15:48.187",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-15T19:15:07.010",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fjc8-223c-qgqr"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fjc8-223c-qgqr"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-11 23:15
Modified
2024-11-21 04:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerabilities@zephyrproject.org | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10027 | ||
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23328 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23499 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://github.com/zephyrproject-rtos/zephyr/pull/23500 | Patch, Third Party Advisory | |
| vulnerabilities@zephyrproject.org | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-35 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10027 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23328 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23499 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zephyrproject-rtos/zephyr/pull/23500 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-35 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr | 1.14.0 | |
| zephyrproject | zephyr | 2.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E0A5F2-0439-40B6-A986-6E19975678CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EF33DD80-0286-477C-88A4-FCEC0D80F520",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions."
},
{
"lang": "es",
"value": "Un atacante que ha obtenido una ejecuci\u00f3n de c\u00f3digo dentro de un subproceso (hilo) de usuario es capaz de elevar los privilegios a los del kernel. Consulte NCC-ZEP-001. Este problema afecta a: zephyrproject-rtos zephyr versi\u00f3n 1.14.0 y versiones posteriores. Versi\u00f3n 2.1.0 y versiones posteriores."
}
],
"id": "CVE-2020-10027",
"lastModified": "2024-11-21T04:54:40.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.1,
"impactScore": 6.0,
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-11T23:15:11.770",
"references": [
{
"source": "vulnerabilities@zephyrproject.org",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10027"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23328"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23499"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23500"
},
{
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-35"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23328"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-35"
}
],
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-697"
}
],
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-697"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}