Lucene search

ZephyrCVELIST:CVE-2021-3966

HistoryJan 11, 2023 - 12:00 a.m.

CVE-2021-3966 Usb bluetooth device ACL read cb buffer overflow

2023-01-1100:00:00

CWE-122

zephyr

www.cve.org

bluetooth

buffer overflow

acl

cve-2021-3966

implementation

net_buf_add_mem

CVSS3

9.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.001

Percentile

30.2%

JSON

usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem.

CNA Affected

[
  {
    "vendor": "zephyrproject-rtos",
    "product": "zephyr",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "v3.0",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hfxq-3w6x-fv2m

CVSS3

9.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.001

Percentile

30.2%

JSON

Related for CVELIST:CVE-2021-3966