Lucene search

ZephyrCVELIST:CVE-2023-0397

HistoryJan 19, 2023 - 12:00 a.m.

CVE-2023-0397 DoS: Invalid Initialization in le_read_buffer_size_complete

2023-01-1900:00:00

CWE-703

zephyr

www.cve.org

denial of service

bluetooth controller

input validation

CVSS3

9.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.001

Percentile

20.5%

JSON

A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete.

CNA Affected

[
  {
    "vendor": "zephyrproject-rtos",
    "product": "zephyr",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "v3.2",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wc2h-h868-q7hj

CVSS3

9.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.001

Percentile

20.5%

JSON

Related for CVELIST:CVE-2023-0397