4 matches found
PT-2025-7818 · Zephyrproject Rtos · Zephyr
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue is related to the function dns copy qname in dns pack.c, which performs a memcpy operation with an untrusted field. It does not check if the source buffer is large enough to contai...
CVE-2020-10063 Remote Denial of Service in CoAP Option Parsing Due To Integer Overflow
A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions...
CVE-2020-10028
Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions...
Input validation
Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions...