Lucene search
K

6 matches found

Cvelist
Cvelist
added 5 days ago21 views

CVE-2026-7656 Broken IPv6 Neighbor Discovery input validation allows spoofed RA/NS/NA acceptance in Zephyr net stack

The IPv6 Neighbor Discovery handlers in subsys/net/ip/ipv6nbr.c handlerainput, handlensinput, handlenainput used an incorrect boolean expression that combined the RFC 4861 validity checks with the ICMPv6 code check using the wrong operator precedence: the form was 'length/hop/source/target checks...

8.1CVSS0.00232EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 4:27 p.m.15 views

CVE-2026-13351 net: Maliciously fragmented IPv6 packets can prevent receiving/processing future incoming packets

Zephyr's IPv6 network stack can be prevented from receiving or processing future incoming packets by sending a small number of maliciously fragmented IPv6 packets. When such a packet is handled by the fragment-header processing path, the associated RX network packet buffer allocated from a memory...

7.5CVSS0.00263EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 3:16 p.m.10 views

CVE-2026-10636

In Zephyr's IPv4 IGMP implementation, igmpsend in subsys/net/ip/igmp.c read the network interface back out of the packet via netpktifacepkt after the packet had been handed to netsenddata. On the successful-send path the packet's last reference may already have been released by the L2 driver or b...

3.7CVSS0.00261EPSS
Exploits1References2
NVD
NVD
added 2026/01/30 6:16 a.m.6 views

CVE-2025-12899

A flaw in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read and creates a potential information-leak vulnerability in the networking subsystem...

6.5CVSS0.00301EPSS
Exploits0References1
OSV
OSV
added 2026/01/30 6:16 a.m.5 views

CVE-2025-12899

A flaw in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read and creates a potential information-leak vulnerability in the networking subsystem...

6.5CVSS5.8AI score0.00301EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/30 5:34 a.m.25 views

CVE-2025-12899 net: icmp: Out of bound memory read

A flaw in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read and creates a potential information-leak vulnerability in the networking subsystem...

6.5CVSS0.00301EPSS
Exploits0References1
Rows per page
Query Builder