Buffer Under-read

libzephyr.so is vulnerable to Buffer Under-read. The vulnerability is due to a lack of proper length checking for user input, allowing an attacker to overflow a buffer and potentially execute arbitrary code or cause a crash...

Heap-based Buffer Overflow

libzephyr.so is vulnerable to a Heap-based Buffer Overflow. The vulnerability is caused due to a lack of adequate size checks on buf before performing the netbufpullu8buf operation. This may result in memory corruption or a Denial of Service DoS...

Heap-based Buffer Overflow

libzephyr.so is vulnerable to Heap-based Buffer Overflow. The vulnerability is caused due to missing checks for the remaining size of a buffer in the bthcileadvextreport function in bluetooth/host/scan.c before passing it on to the cont routine. This may lead to unexpected behavior or system...

Out-of-bounds Write

libzephyr.so is vulnerable to Out-of-bounds Write.The vulnerability is caused due to improper handling of data sizes in the getattsearchlist function in bluetooth/host/sdp.c, which can lead to a crash when passing a dataelem of size greater than 10...

Divide By Zero

libzephyr.so is vulnerable to Divide By Zero. The vulnerability is caused due to a function llcppdudecodeconnupdateind within subsys/bluetooth/controller/llsw/ullllcppdu.c not validating the content before using it. This can lead to a malicious BLE device crash BLE peripheral's BLE controller by...

NULL Pointer Dereference

libzephyr.so is vulnerable to NULL Pointer Dereference. The vulnerability is due to a malicious BLE device sending a specific order of packet sequences to cause a DoS attack on the victim BLE device...

Buffer Over-read

libzephyr.so is vulnerable to Buffer Over-read. The vulnerability is due to a flaw in the handling of malformed GATT packets by the BLE victim device when communicating with a malicious BLE device. This flaw allows the malicious BLE device to crash the victim device...

Missing Permission Checks

libzephyr.so is vulnerable to Missing Permission Checks. This vulnerability is due to improper handling of attribute permissions, specifically for LE Secure Connection encryption. The vulnerability arises because even when the BTGATTPERMREADLESC and BTGATTPERMWRITELESC configuration parameters ar...

Buffer Overflow

libzephyr.so is vulnerable to Buffer overflow. The vulnerability is due to signed to unsigned conversion when passing a negative size to memcpy, which can lead to buffer overflow in the esp32ipmsend function...

Stack-based Buffer Overflow

libzephyr.so is vulnerable to a Buffer Overflow. The vulnerability is due to an unchecked length coming from user input in settings shell, specifically during the handling of SETTINGSVALUESTRING type values, which can result in copying data of a length greater than the buffer size allocated for...

Stack-based Buffer Overflow

libzephyr.so is vulnerable to Stack-based Buffer Overflow. The vulnerability is due to the leecredreconfreq function insubsys/bluetooth/host/l2cap.c because the chancount variable value becomes greater than maximum value allowed in L2CAPECREDCHANMAXPERREQ. This leads to buffer overflow resulting ...

Buffer Overflow

libzephyr.so is vulnerable to Buffer Overflow. The vulnerability occurs due to a ineffective assert check within the STM32 Crypto Driver component which then leads to an application crash...

Buffer Overflow

libzephyr.so is vulnerable to Buffer Overflow. The vulnerability exists due to the IEEE 802.15.4 driver in ieee802154nrf5.c, which allows an attacker to cause an application crash...

Buffer Overflow

libzephyr.so is vulnerable to Buffer Overflow. The vulnerability is caused by the insecure use of the sprintf function. If the path parameter is PATHMAX characters long, the sprintf function will write one NULL byte off the stack variable mountpath. When the path parameter is attacker-controlled...

Buffer Overflow

libzephyr.so is vulnerable to Buffer Overflow. The vulnerability exists due to the lack of size check for buffer copy inputs in isotp.h, which allows an attacker to cause an application crash...

Improper Input Validation

libzephyr.so is vulnerable to Improper Input Validation. The vulnerability exists due to the smpkeyscheck function insmp.c due to a missing conditional check which allows an attacker to gain access and perform unauthorized actions...

Buffer Overflow

libzephyr.so is vulnerable to Buffer Overflow. The vulnerability is due to the imxmuipmsend function in ipmimx.c and the mcuxmailboxipmsend function in ipmmcux.c which is susceptible to buffer overflow if the size parameter is negative, as a result of signed/unsigned conversion mishandling. The f...

Buffer Overflow

libzephyr.so is vulnerable to Buffer Overflow. The vulnerability exists due to the lack of user input validation in the eswificore.c and eswifishell.c, which allows an attacker to cause an application crash...