CVE-2023-4264 - Vulnerability Details - OpenCVE

Description

Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem.

Published: 2023-09-26

Score: 7.1 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

zephyrproject-rtos

Zephyr

unaffected

Version	Status	Constraints
`0`	affected	≤ 3.4

Configuration 1 [-]

cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-54135	Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00231.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html
http://seclists.org/fulldisclosure/2023/Nov/1
http://www.openwall.com/lists/oss-security/2023/11/07/1
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rgx6-3w4j-gf5j

History

Wed, 18 Jun 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 13 Feb 2025 17:15:00 +0000

Type	Values Removed	Values Added
Description	Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem.	Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem.

Subscriptions

Zephyrproject Zephyr

MITRE

Status: PUBLISHED

Assigner: zephyr

Published: 2023-09-26T18:34:52.817Z

Updated: 2025-06-18T14:13:45.830Z

Reserved: 2023-08-08T21:12:31.078Z

Link: CVE-2023-4264

Vulnrichment

Updated: 2024-08-02T07:24:03.980Z

NVD

Status : Modified

Published: 2023-09-27T15:19:40.230

Modified: 2025-02-13T17:17:17.327

Link: CVE-2023-4264

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4264", "assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad", "state": "PUBLISHED", "assignerShortName": "zephyr", "dateReserved": "2023-08-08T21:12:31.078Z", "datePublished": "2023-09-26T18:34:52.817Z", "dateUpdated": "2025-06-18T14:13:45.830Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "Zephyr", "product": "Zephyr", "repo": "https://github.com/zephyrproject-rtos/zephyr", "vendor": "zephyrproject-rtos", "versions": [{"lessThanOrEqual": "3.4", "status": "affected", "version": "0", "versionType": "git"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem.<br></p>"}], "value": "Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem."}], "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad", "shortName": "zephyr", "dateUpdated": "2023-11-14T03:06:20.031Z"}, "references": [{"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rgx6-3w4j-gf5j"}, {"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"}, {"url": "http://seclists.org/fulldisclosure/2023/Nov/1"}, {"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:24:03.980Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rgx6-3w4j-gf5j", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2023/Nov/1", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-18T14:13:20.137564Z", "id": "CVE-2023-4264", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-18T14:13:45.830Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rgx6-3w4j-gf5j", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2023/Nov/1", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:24:03.980Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-4264", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-18T14:13:20.137564Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-18T14:13:39.508Z"}}], "cna": {"title": "Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/zephyrproject-rtos/zephyr", "vendor": "zephyrproject-rtos", "product": "Zephyr", "versions": [{"status": "affected", "version": "0", "versionType": "git", "lessThanOrEqual": "3.4"}], "packageName": "Zephyr", "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rgx6-3w4j-gf5j"}, {"url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"}, {"url": "http://seclists.org/fulldisclosure/2023/Nov/1"}, {"url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem.", "supportingMedia": [{"type": "text/html", "value": "<p>Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem.<br></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function)."}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc()."}]}], "providerMetadata": {"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad", "shortName": "zephyr", "dateUpdated": "2023-11-14T03:06:20.031Z"}}}, "cveMetadata": {"cveId": "CVE-2023-4264", "state": "PUBLISHED", "dateUpdated": "2025-06-18T14:13:45.830Z", "dateReserved": "2023-08-08T21:12:31.078Z", "assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad", "datePublished": "2023-09-26T18:34:52.817Z", "assignerShortName": "zephyr"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*", "matchCriteriaId": "51CECB97-3A81-4A54-AA0A-DB2A1DE18CF2", "versionEndIncluding": "3.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem."}, {"lang": "es", "value": "Posibles vulnerabilidades de desbordamiento del b\u00fafer en el subsistema Bluetooth Zephyr."}], "id": "CVE-2023-4264", "lastModified": "2025-02-13T17:17:17.327", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.7, "source": "vulnerabilities@zephyrproject.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-27T15:19:40.230", "references": [{"source": "vulnerabilities@zephyrproject.org", "tags": ["Third Party Advisory"], "url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"}, {"source": "vulnerabilities@zephyrproject.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2023/Nov/1"}, {"source": "vulnerabilities@zephyrproject.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"}, {"source": "vulnerabilities@zephyrproject.org", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rgx6-3w4j-gf5j"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2023/Nov/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2023/11/07/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rgx6-3w4j-gf5j"}], "sourceIdentifier": "vulnerabilities@zephyrproject.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}, {"lang": "en", "value": "CWE-121"}, {"lang": "en", "value": "CWE-122"}], "source": "vulnerabilities@zephyrproject.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}