History: Mar 29, 2024 - 5:06 a.m.

CVE-2024-3077 Bluetooth: integer underflow in gatt_find_info_rsp

2024-03-29 05:06:18
CWE-190
CWE-126
zephyr
www.cve.org
cve-2024-3077
bluetooth
integer underflow
gatt_find_info_rsp
crash
malformed packet

CVSS3: 6.8 Medium

Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

EPSS: 0.0004 Low
Percentile: 9.1%

A malicious BLE device can crash a BLE victim device by sending a malformed GATT packet.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "Zephyr",
    "product": "Zephyr",
    "repo": "https://github.com/zephyrproject-rtos/zephyr",
    "vendor": "zephyrproject-rtos",
    "versions": [
      {
        "lessThanOrEqual": "3.6",
        "status": "affected",
        "version": "*",
        "versionType": "git"
      }
    ]
  }
]
