Lucene search

ZephyrCVELIST:CVE-2023-5184

HistorySep 27, 2023 - 5:26 p.m.

CVE-2023-5184 Potential signed to unsigned conversion errors and buffer overflow vulnerabilities in the Zephyr IPM driver

2023-09-2717:26:51

CWE-195

CWE-120

zephyr

www.cve.org

cve-2023-5184

conversion errors

signed

unsigned

vulnerabilities

zephyr ipm

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

AI Score

9.3

Confidence

High

EPSS

Percentile

5.1%

JSON

Two potential signed to unsigned conversion errors and buffer overflow vulnerabilities at the following locations in the Zephyr IPM drivers.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "Zephyr",
    "product": "Zephyr",
    "repo": "https://github.com/zephyrproject-rtos/zephyr",
    "vendor": "zephyrproject-rtos",
    "versions": [
      {
        "lessThanOrEqual": "3.4",
        "status": "affected",
        "version": "*",
        "versionType": "git"
      }
    ]
  }
]

References

packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html

seclists.org/fulldisclosure/2023/Nov/1

www.openwall.com/lists/oss-security/2023/11/07/1

github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8x3p-q3r5-xh9g

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

AI Score

9.3

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2023-5184