2 matches found
EUVD-2026-39396
In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...
CVE-2026-4526
EmberZNet v9.0.2 and earlier has a vulnerability in the global ZCL command parser due to missing minimum-length validation, which can cause out-of-bounds reads in the framework parsing logic and terminate the process. The issue requires messages to originate from a device that has already joined ...