Lucene search

ZephyrCVELIST:CVE-2023-4265

HistoryAug 12, 2023 - 10:09 p.m.

CVE-2023-4265 Buffer overflow in Zephyr USB

2023-08-1222:09:20

CWE-120

zephyr

www.cve.org

buffer overflow

zephyr usb

vulnerability

github

usb driver

CVSS3

6.4

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

24.4%

JSON

Potential buffer overflow vulnerabilities in the following locations:
https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359
https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis… https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis.c#L841

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "Zephyr",
    "product": "Zephyr",
    "repo": "https://github.com/zephyrproject-rtos/zephyr",
    "vendor": "zephyrproject-rtos",
    "versions": [
      {
        "lessThanOrEqual": "3.3",
        "status": "affected",
        "version": "*",
        "versionType": "git"
      }
    ]
  }
]

References

packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html

seclists.org/fulldisclosure/2023/Nov/1

www.openwall.com/lists/oss-security/2023/11/07/1

github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-4vgv-5r6q-r6xh

CVSS3

6.4

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

24.4%

JSON

Related for CVELIST:CVE-2023-4265