Lucene search

[email protected]NVD:CVE-2023-5139

HistoryOct 26, 2023 - 5:15 a.m.

CVE-2023-5139

2023-10-2605:15:26

CWE-120

[email protected]

web.nvd.nist.gov

buffer overflow

vulnerability

zephyr stm32 crypto

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

5.9

Confidence

High

EPSS

Percentile

5.1%

JSON

Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver

Affected configurations

Nvd

Node

zephyrprojectzephyrRange≤3.4.0

VendorProductVersionCPE
zephyrprojectzephyr*cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zephyrproject	zephyr	*	cpe:2.3:o:zephyrproject:zephyr::::::::

References

packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html

seclists.org/fulldisclosure/2023/Nov/1

www.openwall.com/lists/oss-security/2023/11/07/1

github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rhrc-pcxp-4453

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

5.9

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2023-5139

cvelist1 cve1 veracode1 prion1