19 matches found
CVE-2026-9263
The Zephyr Bluetooth controller ISO Adaptation Layer subsys/bluetooth/controller/llsw/isoal.c fails to validate the length field of a framed ISO PDU start segment. Per the Bluetooth specification a start segment sc=0 always carries a 3-byte timeoffset, so its segment-header len must be at least...
CVE-2026-10654
A race condition in the Zephyr Bluetooth Classic RFCOMM host stack subsys/bluetooth/host/classic/rfcomm.c mishandles a simultaneous bidirectional session disconnect. When the local device has initiated a session teardown state BTRFCOMMSTATEDISCONNECTING, DISC sent, RTX timer armed and the connect...
CVE-2026-10641 Out-of-bounds write in Bluetooth HFP Hands-Free CIND indicator parsing (cind_handle_values)
Zephyr's Bluetooth Classic Hands-Free Profile HFP Hands-Free role parser subsys/bluetooth/host/classic/hfphf.c contains an out-of-bounds write. During Service Level Connection setup the HF sends AT+CIND=? and parses the AG's +CIND: response in cindhandle, which assigns a per-entry counter index a...
EUVD-2020-2534
Malware in sbrugna...
EUVD-2022-24389
Malicious code in bioql PyPI...
EUVD-2023-54135
Malicious code in bioql PyPI...
CVE-2023-4264
Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem...
CVE-2024-8798
No proper validation of the length of user input in olcpindhandler in zephyr/subsys/bluetooth/services/ots/otsclient.c...
The vulnerability in the /subsys/bluetooth/host/hci_core.c component of the real-time Bluetooth subsystem of the Zephyr operating system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability in the /subsys/bluetooth/host/hci_core.c component of the real-time Bluetooth subsystem of the Zephyr operating system relates to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to compromise the...
CVE-2023-4264 Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem
Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem...
CVE-2022-1041
In the Zephyr Bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning...
PT-2022-13613 · Zephyr · Zephyr
Name of the Vulnerable Software and Affected Versions: Zephyr (affected versions not specified). Description: An out-of-bound write issue can be triggered in the Zephyr Bluetooth mesh core stack during provisioning. Recommendations: At the moment, there is no information about a newer version that...
PT-2022-13612 · Zephyr · Zephyr
Name of the Vulnerable Software and Affected Versions: Zephyr (affected versions not specified). Description: An out-of-bound write issue can be triggered in the Zephyr Bluetooth mesh core stack during provisioning. Recommendations: At the moment, there is no information about a newer version that...
CVE-2020-10069
Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Parameters (CWE-233). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp...
CVE-2020-10069 Zephyr Bluetooth unchecked packet data results in denial of service
Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Parameters (CWE-233). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp...
CVE-2020-10068
In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions...
Memory corruption
Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions...
CVE-2020-10061 Error handling invalid packet sequence
Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions...