Filtered by vendor Zephyrproject
Subscriptions
Filtered by product Zephyr
Subscriptions
Total
91 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-13603 | 1 Zephyrproject | 1 Zephyr | 2024-09-16 | 6.9 Medium |
Integer Overflow in memory allocating functions. Zephyr versions >= 1.14.2, >= 2.4.0 contain Integer Overflow or Wraparound (CWE-190). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45 | ||||
CVE-2020-10060 | 1 Zephyrproject | 1 Zephyr | 2024-09-16 | 8 High |
In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions. | ||||
CVE-2021-3430 | 1 Zephyrproject | 1 Zephyr | 2024-09-16 | 6.5 Medium |
Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr | ||||
CVE-2020-10070 | 1 Zephyrproject | 1 Zephyr | 2024-09-16 | 9 Critical |
In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. | ||||
CVE-2021-3431 | 1 Zephyrproject | 1 Zephyr | 2024-09-16 | 4.3 Medium |
Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9 | ||||
CVE-2020-10061 | 1 Zephyrproject | 1 Zephyr | 2024-09-16 | 8.1 High |
Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions. | ||||
CVE-2021-3321 | 1 Zephyrproject | 1 Zephyr | 2024-09-16 | 7.5 High |
Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= >=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99 | ||||
CVE-2021-3320 | 1 Zephyrproject | 1 Zephyr | 2024-09-16 | 5.9 Medium |
Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7 | ||||
CVE-2021-3319 | 1 Zephyrproject | 1 Zephyr | 2024-09-16 | 6.5 Medium |
DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions >= > v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364 | ||||
CVE-2022-1841 | 1 Zephyrproject | 1 Zephyr | 2024-09-16 | 7.2 High |
In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero. | ||||
CVE-2020-10065 | 1 Zephyrproject | 1 Zephyr | 2024-09-16 | 3.8 Low |
Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c | ||||
CVE-2020-10064 | 1 Zephyrproject | 1 Zephyr | 2024-09-16 | 8.3 High |
Improper Input Frame Validation in ieee802154 Processing. Zephyr versions >= v1.14.2, >= v2.2.0 contain Stack-based Buffer Overflow (CWE-121), Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7 | ||||
CVE-2020-10027 | 1 Zephyrproject | 1 Zephyr | 2024-09-16 | 7.8 High |
An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. | ||||
CVE-2021-3436 | 1 Zephyrproject | 1 Zephyr | 2024-09-16 | 4.3 Medium |
BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions >= 1.14.2, >= 2.4.0, >= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63 | ||||
CVE-2022-1042 | 1 Zephyrproject | 1 Zephyr | 2024-09-16 | 8.2 High |
In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning. | ||||
CVE-2021-3581 | 1 Zephyrproject | 1 Zephyr | 2024-09-16 | 7 High |
Buffer Access with Incorrect Length Value in zephyr. Zephyr versions >= >=2.5.0 contain Buffer Access with Incorrect Length Value (CWE-805). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5 | ||||
CVE-2021-3510 | 1 Zephyrproject | 1 Zephyr | 2024-09-16 | 7.5 High |
Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4 | ||||
CVE-2021-3625 | 1 Zephyrproject | 1 Zephyr | 2024-09-16 | 9.6 Critical |
Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363 | ||||
CVE-2021-3322 | 1 Zephyrproject | 1 Zephyr | 2024-09-16 | 6.5 Medium |
Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions >= >=2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3 | ||||
CVE-2021-3455 | 1 Zephyrproject | 1 Zephyr | 2024-09-16 | 4.3 Medium |
Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions >= 2.4.0, >= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp |