Filtered by vendor Zephyrproject Subscriptions
Filtered by product Zephyr Subscriptions
Total 91 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-1902 1 Zephyrproject 1 Zephyr 2024-11-07 5.9 Medium
The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.
CVE-2023-1901 1 Zephyrproject 1 Zephyr 2024-11-07 5.9 Medium
The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.
CVE-2023-2234 1 Zephyrproject 1 Zephyr 2024-11-07 6.8 Medium
Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host.
CVE-2023-5139 1 Zephyrproject 1 Zephyr 2024-10-11 4.4 Medium
Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver
CVE-2024-6442 1 Zephyrproject 1 Zephyr 2024-10-04 6.3 Medium
In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow.
CVE-2024-6444 1 Zephyrproject 1 Zephyr 2024-10-04 6.3 Medium
No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.
CVE-2024-6443 1 Zephyrproject 1 Zephyr 2024-10-04 6.3 Medium
In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty.
CVE-2024-6259 2 Zephyrproject, Zephyrproject-rtos 2 Zephyr, Zephyr 2024-09-25 7.6 High
BT: HCI: adv_ext_report Improper discarding in adv_ext_report
CVE-2023-4259 1 Zephyrproject 1 Zephyr 2024-09-24 7.1 High
Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code.
CVE-2023-4258 1 Zephyrproject 1 Zephyr 2024-09-24 8.6 High
In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee.
CVE-2024-5754 1 Zephyrproject 1 Zephyr 2024-09-19 8.2 High
BT: Encryption procedure host vulnerability
CVE-2024-6258 2 Zephyrproject, Zephyrproject-rtos 2 Zephyr, Zephyr 2024-09-19 6.8 Medium
BT: Missing length checks of net_buf in rfcomm_handle_data
CVE-2024-5931 2 Zephyrproject, Zephyrproject-rtos 2 Zephyr, Zephyr 2024-09-19 6.3 Medium
BT: Unchecked user input in bap_broadcast_assistant
CVE-2024-6135 2 Zephyrproject, Zephyrproject-rtos 2 Zephyr, Zephyr 2024-09-19 7.6 High
BT:Classic: Multiple missing buf length checks
CVE-2024-6137 2 Zephyrproject, Zephyrproject-rtos 2 Zephyr, Zephyr 2024-09-19 7.6 High
BT: Classic: SDP OOB access in get_att_search_list
CVE-2023-5563 1 Zephyrproject 1 Zephyr 2024-09-17 7.1 High
The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception.
CVE-2020-10071 1 Zephyrproject 1 Zephyr 2024-09-17 9 Critical
The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
CVE-2020-10072 1 Zephyrproject 1 Zephyr 2024-09-17 5.9 Medium
Improper Handling of Insufficient Permissions or Privileges in zephyr. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Insufficient Permissions or Privileges (CWE-280). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc
CVE-2020-10063 1 Zephyrproject 1 Zephyr 2024-09-17 6.8 Medium
A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
CVE-2020-13598 1 Zephyrproject 1 Zephyr 2024-09-17 6.3 Medium
FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions >= v1.14.2, >= v2.3.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h