24 matches found
CVE-2026-10666 Stack buffer overflow in `net_ipaddr_parse()` IPv4 address-with-port parsing in `subsys/net/ip/utils.c`
parseipv4 in subsys/net/ip/utils.c reached via netipaddrparse for strings of the form "a.b.c.d:port" copies the port substring into a fixed 17-byte stack buffer char ipaddrNETIPV4ADDRLEN + 1 using a length of strlen - end - 1, where strlen is the full, unbounded input length and end is only the...
CVE-2026-10659
The Dhara flash translation layer disk driver drivers/disk/ftldhara.c implemented the dharanand callbacks so that, on a flash error, the error code was written unconditionally through the caller-supplied dharaerrort err pointer e.g. err = DHARAEECC in dharanandread, and similar in...
CVE-2026-10659 NULL pointer dereference in Zephyr Dhara FTL disk driver on flash read error during journal resume
The Dhara flash translation layer disk driver drivers/disk/ftldhara.c implemented the dharanand callbacks so that, on a flash error, the error code was written unconditionally through the caller-supplied dharaerrort err pointer e.g. err = DHARAEECC in dharanandread, and similar in...
CVE-2026-10656 NULL-pointer dereference DoS in MAX32 USB device controller transfer-completion handlers
The MAX32xxx USB device controller driver drivers/usb/udc/udcmax32.c, compatible adimax32usbhs dereferenced an endpoint buffer in its OUT and IN transfer-completion handlers without checking it for NULL. udceventxferoutdone called netbufaddbuf, eprequest-actlen immediately after buf =...
CVE-2026-10648
mcumgrserialprocessfrag in subsys/mgmt/mcumgr/transport/src/serialutil.c calls netbufreset on the result of smppacketalloc before checking it for NULL. smppacketalloc uses netbufallocKNOWAIT against the shared MCUmgr packet pool CONFIGMCUMGRTRANSPORTNETBUFCOUNT, default 4, which returns NULL when...
EUVD-2021-26760
Malware in sbrugna...
EUVD-2021-26757
Malware in sbrugna...
EUVD-2020-2530
Malware in sbrugna...
CVE-2021-3435
Information leakage in leecredconnreq. Zephyr versions = v2.4.0 Use of Uninitialized Resource CWE-908. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh...
CVE-2021-3432
Invalid interval in CONNECTIND leads to Division by Zero. Zephyr versions = v1.14.0 Divide By Zero CWE-369. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4...
Zephyr 安全漏洞
Zephyr is an extensible real-time operating system RTOS open-sourced by the Zephyr Project. A security vulnerability exists in Zephyr version v2.5.0 and later, which stems from an invalid channel mapping in CONNECTIND that results in a deadlock...
CVE-2021-3835
Buffer overflow in usb device class. Zephyr versions = v2.6.0 contain Heap-based Buffer Overflow CWE-122. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf...
CVE-2021-3432
Invalid interval in CONNECTIND leads to Division by Zero. Zephyr versions = v1.14.0 Divide By Zero CWE-369. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4...
CVE-2020-10064
Improper Input Frame Validation in ieee802154 Processing. Zephyr versions = v1.14.2, = v2.2.0 contain Stack-based Buffer Overflow CWE-121, Heap-based Buffer Overflow CWE-122. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7...
Zephyr Code Execution Vulnerability (CNVD-2020-35965)
Zephyr is an open source, small, scalable real-time operating system from the Linux Foundation. A security vulnerability exists in the MQTT code in Zephyr 2.2.0 and later fixed in version 2.3.0, which stems from the program failing to properly check boundaries. An attacker could exploit the...
CVE-2020-10062
An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions...
CVE-2020-10063
A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions...
CVE-2020-10071 Insufficient publish message length validation in MQTT
The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions...
CVE-2020-10060
In updatehubprobe, right after JSON parsing is complete, objects\1 is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an...
CVE-2020-10059
The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr versi...