CVE-2020-10070 - OpenCVE

In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zephyrproject	Zephyr

Configuration 1 [-]

cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10070
https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/0b39cbf3c01d7feec9d0dd7cc7e0e374b6113542
https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment
https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85

History

No history.

MITRE

Status: PUBLISHED

Assigner: zephyr

Published: 2020-06-05T17:37:37.459802Z

Updated: 2024-09-16T23:06:22.833Z

Reserved: 2020-03-04T00:00:00

Link: CVE-2020-10070

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-06-05T18:15:12.997

Modified: 2020-06-12T14:27:37.033

Link: CVE-2020-10070

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "zephyr", "vendor": "zephyrproject-rtos", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "2.2.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "NCC Group for report"}], "datePublic": "2020-05-25T00:00:00", "descriptions": [{"lang": "en", "value": "In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120 Buffer Overflow", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-06-05T17:37:37", "orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad", "shortName": "zephyr"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"}, {"tags": ["x_refsource_MISC"], "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85"}, {"tags": ["x_refsource_MISC"], "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10070"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/0b39cbf3c01d7feec9d0dd7cc7e0e374b6113542"}], "source": {"defect": ["https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85"], "discovery": "EXTERNAL"}, "title": "MQTT buffer overflow on receive buffer", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnerabilities@zephyrproject.org", "DATE_PUBLIC": "2020-05-25T00:00:00.000Z", "ID": "CVE-2020-10070", "STATE": "PUBLIC", "TITLE": "MQTT buffer overflow on receive buffer"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "zephyr", "version": {"version_data": [{"version_affected": ">=", "version_value": "2.2.0"}]}}]}, "vendor_name": "zephyrproject-rtos"}]}}, "credit": [{"lang": "eng", "value": "NCC Group for report"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-120 Buffer Overflow"}]}, {"description": [{"lang": "eng", "value": "CWE-190 Integer Overflow or Wraparound"}]}]}, "references": {"reference_data": [{"name": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment", "refsource": "MISC", "url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"}, {"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85", "refsource": "MISC", "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85"}, {"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10070", "refsource": "MISC", "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10070"}, {"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/0b39cbf3c01d7feec9d0dd7cc7e0e374b6113542", "refsource": "MISC", "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/0b39cbf3c01d7feec9d0dd7cc7e0e374b6113542"}]}, "source": {"defect": ["https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:50:57.848Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10070"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/0b39cbf3c01d7feec9d0dd7cc7e0e374b6113542"}]}]}, "cveMetadata": {"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad", "assignerShortName": "zephyr", "cveId": "CVE-2020-10070", "datePublished": "2020-06-05T17:37:37.459802Z", "dateReserved": "2020-03-04T00:00:00", "dateUpdated": "2024-09-16T23:06:22.833Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*", "matchCriteriaId": "A50EF02E-4F26-4016-9D73-FF596F7EA61B", "versionEndIncluding": "2.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions."}, {"lang": "es", "value": "En el c\u00f3digo de Zephyr Project MQTT, la comprobaci\u00f3n incorrecta de los l\u00edmites puede resultar en corrupci\u00f3n de la memoria y potencialmente en una ejecuci\u00f3n de c\u00f3digo remota. NCC-ZEP-031 Este problema afecta a: zephyrproject-rtos zephyr versi\u00f3n 2.2.0 y versiones posteriores"}], "id": "CVE-2020-10070", "lastModified": "2020-06-12T14:27:37.033", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 6.0, "source": "vulnerabilities@zephyrproject.org", "type": "Secondary"}]}, "published": "2020-06-05T18:15:12.997", "references": [{"source": "vulnerabilities@zephyrproject.org", "tags": ["Vendor Advisory"], "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10070"}, {"source": "vulnerabilities@zephyrproject.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/0b39cbf3c01d7feec9d0dd7cc7e0e374b6113542"}, {"source": "vulnerabilities@zephyrproject.org", "tags": ["Third Party Advisory"], "url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"}, {"source": "vulnerabilities@zephyrproject.org", "tags": ["Third Party Advisory"], "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85"}], "sourceIdentifier": "vulnerabilities@zephyrproject.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-120"}, {"lang": "en", "value": "CWE-190"}], "source": "vulnerabilities@zephyrproject.org", "type": "Secondary"}]}