18 matches found
EUVD-2020-2530
Malware in sbrugna...
EUVD-2021-26760
Malware in sbrugna...
EUVD-2021-26757
Malware in sbrugna...
CVE-2021-3435
Information leakage in leecredconnreq. Zephyr versions = v2.4.0 Use of Uninitialized Resource CWE-908. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh...
CVE-2021-3432
Invalid interval in CONNECTIND leads to Division by Zero. Zephyr versions = v1.14.0 Divide By Zero CWE-369. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4...
Zephyr 安全漏洞
Zephyr is an extensible real-time operating system RTOS open-sourced by the Zephyr Project. A security vulnerability exists in Zephyr version v2.5.0 and later, which stems from an invalid channel mapping in CONNECTIND that results in a deadlock...
CVE-2021-3835
Buffer overflow in usb device class. Zephyr versions = v2.6.0 contain Heap-based Buffer Overflow CWE-122. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf...
CVE-2020-10064
Improper Input Frame Validation in ieee802154 Processing. Zephyr versions = v1.14.2, = v2.2.0 contain Stack-based Buffer Overflow CWE-121, Heap-based Buffer Overflow CWE-122. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7...
Zephyr Code Execution Vulnerability (CNVD-2020-35965)
Zephyr is an open source, small, scalable real-time operating system from the Linux Foundation. A security vulnerability exists in the MQTT code in Zephyr 2.2.0 and later fixed in version 2.3.0, which stems from the program failing to properly check boundaries. An attacker could exploit the...
CVE-2020-10063
A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions...
CVE-2020-10062
An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions...
CVE-2020-10071 Insufficient publish message length validation in MQTT
The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions...
CVE-2020-10060
In updatehubprobe, right after JSON parsing is complete, objects\1 is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an...
CVE-2020-10059
The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr versi...
Code injection
The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr versi...
Design/Logic Flaw
In updatehubprobe, right after JSON parsing is complete, objects\1 is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an...
CVE-2020-10060 UpdateHub Might Dereference An Uninitialized Pointer
In updatehubprobe, right after JSON parsing is complete, objects\1 is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an...
CVE-2020-10027 ARC Platform Uses Signed Integer Comparison When Validating Syscall Numbers
An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions...