Lucene search

ZephyrCVELIST:CVE-2020-13602

HistoryMay 24, 2021 - 9:40 p.m.

CVE-2020-13602 Remote Denial of Service in LwM2M do_write_op_tlv

2021-05-2421:40:29

CWE-835

CWE-20

zephyr

www.cve.org

cve-2020-13602

lwm2m

zephyr

remote denial of service

improper input validation

infinite loop

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.001

Percentile

32.1%

JSON

Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions >= 1.14.2, >= 2.2.0 contain Improper Input Validation (CWE-20), Loop with Unreachable Exit Condition (‘Infinite Loop’) (CWE-835). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh

CNA Affected

[
  {
    "product": "zephyr",
    "vendor": "zephyrproject-rtos",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "1.14.2",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "2.2.0",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.001

Percentile

32.1%

JSON

Related for CVELIST:CVE-2020-13602