Lucene search
+L

6 matches found

cvelist
cvelist
added 2026/06/29 10:9 p.m.26 views

CVE-2026-7656 Broken IPv6 Neighbor Discovery input validation allows spoofed RA/NS/NA acceptance in Zephyr net stack

The IPv6 Neighbor Discovery handlers in subsys/net/ip/ipv6nbr.c handlerainput, handlensinput, handlenainput used an incorrect boolean expression that combined the RFC 4861 validity checks with the ICMPv6 code check using the wrong operator precedence: the form was 'length/hop/source/target checks...

8.1CVSS0.00205EPSS
Exploits1References2
cvelist
cvelist
added 2026/06/25 4:27 p.m.22 views

CVE-2026-13351 net: Maliciously fragmented IPv6 packets can prevent receiving/processing future incoming packets

Zephyr's IPv6 network stack can be prevented from receiving or processing future incoming packets by sending a small number of maliciously fragmented IPv6 packets. When such a packet is handled by the fragment-header processing path, the associated RX network packet buffer allocated from a memory...

7.5CVSS0.00278EPSS
Exploits1References1
nvd
nvd
added 2026/06/16 3:16 p.m.13 views

CVE-2026-10636

In Zephyr's IPv4 IGMP implementation, igmpsend in subsys/net/ip/igmp.c read the network interface back out of the packet via netpktifacepkt after the packet had been handed to netsenddata. On the successful-send path the packet's last reference may already have been released by the L2 driver or b...

3.7CVSS0.00261EPSS
Exploits1References2
nvd
nvd
added 2026/01/30 6:16 a.m.11 views

CVE-2025-12899

A flaw in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read and creates a potential information-leak vulnerability in the networking subsystem...

6.5CVSS0.00301EPSS
Exploits0References1
cvelist
cvelist
added 2026/01/30 5:34 a.m.29 views

CVE-2025-12899 net: icmp: Out of bound memory read

A flaw in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read and creates a potential information-leak vulnerability in the networking subsystem...

6.5CVSS0.00301EPSS
Exploits0References1
osv
osv
added 2026/01/30 5:34 a.m.7 views

CVE-2025-12899 net: icmp: Out of bound memory read

A flaw in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read and creates a potential information-leak vulnerability in the networking subsystem...

6.5CVSS5.9AI score0.00301EPSS
Exploits0References4
Rows per page
Query Builder