Lucene search

ZephyrCVELIST:CVE-2021-3319

HistoryOct 05, 2021 - 8:50 p.m.

CVE-2021-3319 DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses

2021-10-0520:50:14

CWE-476

CWE-588

zephyr

www.cve.org

cve-2021-3319

dos

incorrect 802154 frame validation

zephyr versions

null pointer dereference

attempt to access child

cve-476

cve-588

github

security advisory

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

AI Score

9.6

Confidence

High

EPSS

0.004

Percentile

75.0%

JSON

DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions >= > v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364

CNA Affected

[
  {
    "product": "zephyr",
    "vendor": "zephyrproject-rtos",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "> v2.4.0",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

AI Score

9.6

Confidence

High

EPSS

0.004

Percentile

75.0%

JSON

Related for CVELIST:CVE-2021-3319