Lucene search

[email protected]NVD:CVE-2023-4424

HistoryNov 21, 2023 - 7:15 a.m.

CVE-2023-4424

2023-11-2107:15:10

CWE-120

CWE-190

[email protected]

web.nvd.nist.gov

cve-2023-4424

ble

buffer overflow

zephyr os

dos

rce

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

21.5%

JSON

An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device.

Affected configurations

Nvd

Node

zephyrprojectzephyrRange≤3.4.0

VendorProductVersionCPE
zephyrprojectzephyr*cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zephyrproject	zephyr	*	cpe:2.3:o:zephyrproject:zephyr::::::::

References

github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j4qm-xgpf-qjw3

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

21.5%

JSON

Related for NVD:CVE-2023-4424

veracode1 prion1 cve1 cvelist1