CVE-2021-3510 - Vulnerability Details

Vendors	Products
Zephyrproject	Zephyr

Link	Providers
http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "zephyr", "vendor": "zephyrproject-rtos", "versions": [{"lessThan": "unspecified", "status": "affected", "version": ">1.14.0", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": ">2.5.0", "versionType": "custom"}]}], "datePublic": "2020-06-20T00:00:00", "descriptions": [{"lang": "en", "value": "Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-588", "description": "Attempt to Access Child of a Non-structure Pointer (CWE-588)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-05T20:50:17", "orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad", "shortName": "zephyr"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4"}], "source": {"defect": ["https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4"]}, "title": "Zephyr JSON decoder incorrectly decodes array of array", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnerabilities@zephyrproject.org", "DATE_PUBLIC": "2020-06-20T00:00:00.000Z", "ID": "CVE-2021-3510", "STATE": "PUBLIC", "TITLE": "Zephyr JSON decoder incorrectly decodes array of array"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "zephyr", "version": {"version_data": [{"version_affected": ">=", "version_value": ">1.14.0"}, {"version_affected": ">=", "version_value": ">2.5.0"}]}}]}, "vendor_name": "zephyrproject-rtos"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4"}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "environmentalScore": 7.5, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "temporalScore": 7.5, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Attempt to Access Child of a Non-structure Pointer (CWE-588)"}]}]}, "references": {"reference_data": [{"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4", "refsource": "MISC", "url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4"}]}, "source": {"defect": ["https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4"]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:53:17.841Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4"}]}]}, "cveMetadata": {"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad", "assignerShortName": "zephyr", "cveId": "CVE-2021-3510", "datePublished": "2021-10-05T20:50:17.320779Z", "dateReserved": "2021-04-20T00:00:00", "dateUpdated": "2024-09-16T19:04:43.233Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : zephyr (string)

vendor : zephyrproject-rtos (string)

versions : [ »

0 : { »

lessThan : unspecified (string)

status : affected (string)

version : >1.14.0 (string)

versionType : custom (string)

}

1 : { »

lessThan : unspecified (string)

status : affected (string)

version : >2.5.0 (string)

versionType : custom (string)

}

]

}

]

datePublic : 2020-06-20T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4 (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-588 (string)

description : Attempt to Access Child of a Non-structure Pointer (CWE-588) (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-10-05T20:50:17 (string)

orgId : e2e69745-5e70-4e92-8431-deb5529a81ad (string)

shortName : zephyr (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4 (string)

}

]

source : { »

defect : [ »

0 : https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4 (string)

]

}

title : Zephyr JSON decoder incorrectly decodes array of array (string)

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : vulnerabilities@zephyrproject.org (string)

DATE_PUBLIC : 2020-06-20T00:00:00.000Z (string)

ID : CVE-2021-3510 (string)

STATE : PUBLIC (string)

TITLE : Zephyr JSON decoder incorrectly decodes array of array (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : zephyr (string)

version : { »

version_data : [ »

0 : { »

version_affected : >= (string)

version_value : >1.14.0 (string)

}

1 : { »

version_affected : >= (string)

version_value : >2.5.0 (string)

}

]

}

]

}

vendor_name : zephyrproject-rtos (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4 (string)

}

]

}

impact : { »

cvss : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : NONE (string)

environmentalScore : 7.5 (number)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

temporalScore : 7.5 (number)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Attempt to Access Child of a Non-structure Pointer (CWE-588) (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4 (string)

refsource : MISC (string)

url : http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4 (string)

}

]

}

source : { »

defect : [ »

0 : https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4 (string)

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T16:53:17.841Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : e2e69745-5e70-4e92-8431-deb5529a81ad (string)

assignerShortName : zephyr (string)

cveId : CVE-2021-3510 (string)

datePublished : 2021-10-05T20:50:17.320779Z (string)

dateReserved : 2021-04-20T00:00:00 (string)

dateUpdated : 2024-09-16T19:04:43.233Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zephyrproject:zephyr:1.14.0:-:*:*:*:*:*:*", "matchCriteriaId": "5335FA2C-9A79-40F6-826F-BAC18A67119B", "vulnerable": true}, {"criteria": "cpe:2.3:o:zephyrproject:zephyr:1.14.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "DEBD3882-A442-4C05-B0D8-0CB3E0A40FDC", "vulnerable": true}, {"criteria": "cpe:2.3:o:zephyrproject:zephyr:1.14.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "3ABA1766-06A8-4DBE-BAFC-FB80BFC7479F", "vulnerable": true}, {"criteria": "cpe:2.3:o:zephyrproject:zephyr:1.14.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "2C688ACD-EB21-4EB8-BD18-346461AA00A9", "vulnerable": true}, {"criteria": "cpe:2.3:o:zephyrproject:zephyr:1.14.1:-:*:*:*:*:*:*", "matchCriteriaId": "81451111-93D1-472E-86F7-19B2EAF204F7", "vulnerable": true}, {"criteria": "cpe:2.3:o:zephyrproject:zephyr:1.14.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "0A323B6E-F8DF-46FC-A196-192BE2D02D14", "vulnerable": true}, {"criteria": "cpe:2.3:o:zephyrproject:zephyr:1.14.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "1E577E10-785B-4B61-A68F-11FDD90C3978", "vulnerable": true}, {"criteria": "cpe:2.3:o:zephyrproject:zephyr:1.14.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "BE6A58E9-5CB8-47B1-8EB4-2577820C534C", "vulnerable": true}, {"criteria": "cpe:2.3:o:zephyrproject:zephyr:1.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "B74694FC-5442-4F7E-AACF-0E1753F50148", "vulnerable": true}, {"criteria": "cpe:2.3:o:zephyrproject:zephyr:1.14.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "59613BD2-C171-4C2C-A5D4-EEEC4824AED1", "vulnerable": true}, {"criteria": "cpe:2.3:o:zephyrproject:zephyr:1.14.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "01DC16EF-D7A0-4FB6-989A-18E0079C1CBE", "vulnerable": true}, {"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.5.0:-:*:*:*:*:*:*", "matchCriteriaId": "E3F6440A-9503-41ED-9BAB-CA0265C707B6", "vulnerable": true}, {"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "353849CD-BC4B-4ADB-96E9-5EAB93023E9F", "vulnerable": true}, {"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "07DA9C8D-1B2C-4B8A-9D23-2626DAD906BF", "vulnerable": true}, {"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "88672A18-976F-469A-A570-D6815637C34E", "vulnerable": true}, {"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.5.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "E68E950F-AB7E-4CC5-B0DF-6D9DEBE13A29", "vulnerable": true}, {"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.5.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "487B9DEC-FA4B-4007-8C1C-82165ECE5F75", "vulnerable": true}, {"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.6.0:-:*:*:*:*:*:*", "matchCriteriaId": "05609E26-61CD-494F-97D3-B0235B0CE539", "vulnerable": true}, {"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "E42A2A00-1210-4BAB-A740-A27E54511521", "vulnerable": true}, {"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4568B890-B0EB-4EBE-8DE6-95D346928C72", "vulnerable": true}, {"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.6.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "50DAD9FB-908B-4977-869E-8920EFF30DFE", "vulnerable": true}, {"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.6.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "5E0931CF-F40A-4D7E-BC45-5DBD86C0CC99", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4"}, {"lang": "es", "value": "El decodificador JSON de Zephyr decodifica incorrectamente un array de array. Zephyr versiones anteriores y posteriores a 1.14.0 incluy\u00e9ndola, versiones anteriores y posteriores a 2.5.0 incluy\u00e9ndola, contienen Intento de Acceso a Child de un Puntero No Estructurado (CWE-588). Para m\u00e1s informaci\u00f3n, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4"}], "id": "CVE-2021-3510", "lastModified": "2024-11-21T06:21:43.033", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "vulnerabilities@zephyrproject.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-05T21:15:09.353", "references": [{"source": "vulnerabilities@zephyrproject.org", "tags": ["Patch", "Third Party Advisory"], "url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4"}], "sourceIdentifier": "vulnerabilities@zephyrproject.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-588"}], "source": "vulnerabilities@zephyrproject.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:zephyrproject:zephyr:1.14.0:-:*:*:*:*:*:* (string)

matchCriteriaId : 5335FA2C-9A79-40F6-826F-BAC18A67119B (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:zephyrproject:zephyr:1.14.0:rc1:*:*:*:*:*:* (string)

matchCriteriaId : DEBD3882-A442-4C05-B0D8-0CB3E0A40FDC (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:zephyrproject:zephyr:1.14.0:rc2:*:*:*:*:*:* (string)

matchCriteriaId : 3ABA1766-06A8-4DBE-BAFC-FB80BFC7479F (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:zephyrproject:zephyr:1.14.0:rc3:*:*:*:*:*:* (string)

matchCriteriaId : 2C688ACD-EB21-4EB8-BD18-346461AA00A9 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:zephyrproject:zephyr:1.14.1:-:*:*:*:*:*:* (string)

matchCriteriaId : 81451111-93D1-472E-86F7-19B2EAF204F7 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:zephyrproject:zephyr:1.14.1:rc1:*:*:*:*:*:* (string)

matchCriteriaId : 0A323B6E-F8DF-46FC-A196-192BE2D02D14 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:zephyrproject:zephyr:1.14.1:rc2:*:*:*:*:*:* (string)

matchCriteriaId : 1E577E10-785B-4B61-A68F-11FDD90C3978 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:zephyrproject:zephyr:1.14.1:rc3:*:*:*:*:*:* (string)

matchCriteriaId : BE6A58E9-5CB8-47B1-8EB4-2577820C534C (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:o:zephyrproject:zephyr:1.14.2:*:*:*:*:*:*:* (string)

matchCriteriaId : B74694FC-5442-4F7E-AACF-0E1753F50148 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:o:zephyrproject:zephyr:1.14.3:rc1:*:*:*:*:*:* (string)

matchCriteriaId : 59613BD2-C171-4C2C-A5D4-EEEC4824AED1 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:o:zephyrproject:zephyr:1.14.3:rc2:*:*:*:*:*:* (string)

matchCriteriaId : 01DC16EF-D7A0-4FB6-989A-18E0079C1CBE (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:o:zephyrproject:zephyr:2.5.0:-:*:*:*:*:*:* (string)

matchCriteriaId : E3F6440A-9503-41ED-9BAB-CA0265C707B6 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:o:zephyrproject:zephyr:2.5.0:rc1:*:*:*:*:*:* (string)

matchCriteriaId : 353849CD-BC4B-4ADB-96E9-5EAB93023E9F (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:o:zephyrproject:zephyr:2.5.0:rc2:*:*:*:*:*:* (string)

matchCriteriaId : 07DA9C8D-1B2C-4B8A-9D23-2626DAD906BF (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:o:zephyrproject:zephyr:2.5.0:rc3:*:*:*:*:*:* (string)

matchCriteriaId : 88672A18-976F-469A-A570-D6815637C34E (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:o:zephyrproject:zephyr:2.5.0:rc4:*:*:*:*:*:* (string)

matchCriteriaId : E68E950F-AB7E-4CC5-B0DF-6D9DEBE13A29 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:o:zephyrproject:zephyr:2.5.1:rc1:*:*:*:*:*:* (string)

matchCriteriaId : 487B9DEC-FA4B-4007-8C1C-82165ECE5F75 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:o:zephyrproject:zephyr:2.6.0:-:*:*:*:*:*:* (string)

matchCriteriaId : 05609E26-61CD-494F-97D3-B0235B0CE539 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:o:zephyrproject:zephyr:2.6.0:rc1:*:*:*:*:*:* (string)

matchCriteriaId : E42A2A00-1210-4BAB-A740-A27E54511521 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:o:zephyrproject:zephyr:2.6.0:rc2:*:*:*:*:*:* (string)

matchCriteriaId : 4568B890-B0EB-4EBE-8DE6-95D346928C72 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:o:zephyrproject:zephyr:2.6.0:rc3:*:*:*:*:*:* (string)

matchCriteriaId : 50DAD9FB-908B-4977-869E-8920EFF30DFE (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:o:zephyrproject:zephyr:2.6.1:rc1:*:*:*:*:*:* (string)

matchCriteriaId : 5E0931CF-F40A-4D7E-BC45-5DBD86C0CC99 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4 (string)

}

1 : { »

lang : es (string)

value : El decodificador JSON de Zephyr decodifica incorrectamente un array de array. Zephyr versiones anteriores y posteriores a 1.14.0 incluyéndola, versiones anteriores y posteriores a 2.5.0 incluyéndola, contienen Intento de Acceso a Child de un Puntero No Estructurado (CWE-588). Para más información, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4 (string)

}

]

id : CVE-2021-3510 (string)

lastModified : 2024-11-21T06:21:43.033 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 5 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:N/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : vulnerabilities@zephyrproject.org (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-10-05T21:15:09.353 (string)

references : [ »

0 : { »

source : vulnerabilities@zephyrproject.org (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4 (string)

}

]

sourceIdentifier : vulnerabilities@zephyrproject.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-588 (string)

}

]

source : vulnerabilities@zephyrproject.org (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-Other (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object