Filtered by vendor Zephyrproject
Subscriptions
Filtered by product Zephyr
Subscriptions
Total
91 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-1902 | 1 Zephyrproject | 1 Zephyr | 2024-11-07 | 5.9 Medium |
The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer. | ||||
CVE-2023-1901 | 1 Zephyrproject | 1 Zephyr | 2024-11-07 | 5.9 Medium |
The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer. | ||||
CVE-2023-2234 | 1 Zephyrproject | 1 Zephyr | 2024-11-07 | 6.8 Medium |
Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host. | ||||
CVE-2023-5139 | 1 Zephyrproject | 1 Zephyr | 2024-10-11 | 4.4 Medium |
Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver | ||||
CVE-2024-6442 | 1 Zephyrproject | 1 Zephyr | 2024-10-04 | 6.3 Medium |
In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow. | ||||
CVE-2024-6444 | 1 Zephyrproject | 1 Zephyr | 2024-10-04 | 6.3 Medium |
No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c. | ||||
CVE-2024-6443 | 1 Zephyrproject | 1 Zephyr | 2024-10-04 | 6.3 Medium |
In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty. | ||||
CVE-2024-6259 | 2 Zephyrproject, Zephyrproject-rtos | 2 Zephyr, Zephyr | 2024-09-25 | 7.6 High |
BT: HCI: adv_ext_report Improper discarding in adv_ext_report | ||||
CVE-2023-4259 | 1 Zephyrproject | 1 Zephyr | 2024-09-24 | 7.1 High |
Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code. | ||||
CVE-2023-4258 | 1 Zephyrproject | 1 Zephyr | 2024-09-24 | 8.6 High |
In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee. | ||||
CVE-2024-5754 | 1 Zephyrproject | 1 Zephyr | 2024-09-19 | 8.2 High |
BT: Encryption procedure host vulnerability | ||||
CVE-2024-6258 | 2 Zephyrproject, Zephyrproject-rtos | 2 Zephyr, Zephyr | 2024-09-19 | 6.8 Medium |
BT: Missing length checks of net_buf in rfcomm_handle_data | ||||
CVE-2024-5931 | 2 Zephyrproject, Zephyrproject-rtos | 2 Zephyr, Zephyr | 2024-09-19 | 6.3 Medium |
BT: Unchecked user input in bap_broadcast_assistant | ||||
CVE-2024-6135 | 2 Zephyrproject, Zephyrproject-rtos | 2 Zephyr, Zephyr | 2024-09-19 | 7.6 High |
BT:Classic: Multiple missing buf length checks | ||||
CVE-2024-6137 | 2 Zephyrproject, Zephyrproject-rtos | 2 Zephyr, Zephyr | 2024-09-19 | 7.6 High |
BT: Classic: SDP OOB access in get_att_search_list | ||||
CVE-2023-5563 | 1 Zephyrproject | 1 Zephyr | 2024-09-17 | 7.1 High |
The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception. | ||||
CVE-2020-10071 | 1 Zephyrproject | 1 Zephyr | 2024-09-17 | 9 Critical |
The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. | ||||
CVE-2020-10072 | 1 Zephyrproject | 1 Zephyr | 2024-09-17 | 5.9 Medium |
Improper Handling of Insufficient Permissions or Privileges in zephyr. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Insufficient Permissions or Privileges (CWE-280). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc | ||||
CVE-2020-10063 | 1 Zephyrproject | 1 Zephyr | 2024-09-17 | 6.8 Medium |
A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. | ||||
CVE-2020-13598 | 1 Zephyrproject | 1 Zephyr | 2024-09-17 | 6.3 Medium |
FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions >= v1.14.2, >= v2.3.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h |