Zephyrproject Zephyr 2.0.0

15 matches found

CVE
added 2021/05/25 5:15 p.m. | 193 views

CVE-2021-3320

Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7

CVSS 7.5 | AI score 6.6 | EPSS 0.00336

CVE
added 2020/06/05 6:15 p.m. | 103 views

CVE-2020-10061

Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions.

CVSS 8.8 | AI score 8.5 | EPSS 0.00097

CVE
added 2020/06/05 6:15 p.m. | 99 views

CVE-2020-10068

In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions.

CVSS 6.5 | AI score 5.8 | EPSS 0.00075

CVE
added 2021/05/25 5:15 p.m. | 71 views

CVE-2020-13603

Integer Overflow in memory allocating functions. Zephyr versions >= 1.14.2, >= 2.4.0 contain Integer Overflow or Wraparound (CWE-190). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45

CVSS 7.8 | AI score 7.3 | EPSS 0.00057

CVE
added 2020/05/11 11:15 p.m. | 59 views

CVE-2020-10019

USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. This could be used by a malicious USB host to exploit the buffer overflow. See NCC-ZEP-002. This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2....

CVSS 8.1 | AI score 8 | EPSS 0.00089

CVE
added 2021/05/25 5:15 p.m. | 40 views

CVE-2020-13598

FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions >= v1.14.2, >= v2.3.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h

CVSS 7.8 | AI score 6.9 | EPSS 0.00057

CVE
added 2021/05/25 5:15 p.m. | 40 views

CVE-2020-13599

Security problem with settings and littlefs. Zephyr versions >= 1.14.2, >= 2.3.0 contain Incorrect Default Permissions (CWE-276). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q

CVSS 3.3 | AI score 3.9 | EPSS 0.0004

CVE
added 2021/05/25 5:15 p.m. | 38 views

CVE-2020-13600

Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr versions >= 1.14.2, >= 2.3.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr

CVSS 7.6 | AI score 7.1 | EPSS 0.00052

CVE
added 2021/05/25 5:15 p.m. | 35 views

CVE-2020-10065

Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c

CVSS 8.8 | AI score 6.4 | EPSS 0.00205

CVE
added 2021/05/25 5:15 p.m. | 34 views

CVE-2020-10069

Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Parameters (CWE-233). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp

CVSS 6.5 | AI score 5.4 | EPSS 0.00095

CVE
added 2021/05/25 5:15 p.m. | 34 views

CVE-2020-13601

Possible read out of bounds in dns read. Zephyr versions >= 1.14.2, >= 2.3.0 contain Out-of-bounds Read (CWE-125). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44

CVSS 9.8 | AI score 9.3 | EPSS 0.00433

CVE
added 2021/05/25 5:15 p.m. | 33 views

CVE-2020-10072

Improper Handling of Insufficient Permissions or Privileges in zephyr. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Insufficient Permissions or Privileges (CWE-280). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm...

CVSS 5.9 | AI score 5.4 | EPSS 0.00036

CVE
added 2021/05/25 5:15 p.m. | 32 views

CVE-2020-10064

Improper Input Frame Validation in ieee802154 Processing. Zephyr versions >= v1.14.2, >= v2.2.0 contain Stack-based Buffer Overflow (CWE-121), Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7

CVSS 9.8 | AI score 9.3 | EPSS 0.00438

CVE
added 2021/05/25 5:15 p.m. | 32 views

CVE-2020-10066

Incorrect Error Handling in Bluetooth HCI core. Zephyr versions >= v1.14.2, >= v2.2.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr

CVSS 5.7 | AI score 4.7 | EPSS 0.00054

CVE
added 2021/05/25 5:15 p.m. | 32 views

CVE-2020-13602

Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions >= 1.14.2, >= 2.2.0 contain Improper Input Validation (CWE-20), Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-...

CVSS 5.5 | AI score 5 | EPSS 0.00112