Zephyr@2.4.0 Security Vulnerabilities and Issues — Zephyr@2.4.0 CVE List

Lucene search

ZephyrprojectZephyr2.4.0

11 matches found

CVE•added 2021/05/25 5:15 p.m.•193 views

CVE-2021-3320

Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7

7.5CVSS6.6AI score0.00336EPSS

CVE•added 2021/10/19 11:15 p.m.•88 views

CVE-2021-3454

Truncated L2CAP K-frame causes assertion failure. Zephyr versions >= 2.4.0, >= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29...

7.5CVSS5.9AI score0.00334EPSS

CVE•added 2021/10/19 11:15 p.m.•82 views

CVE-2021-3455

Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions >= 2.4.0, >= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp

7.5CVSS6AI score0.00393EPSS

CVE•added 2022/06/28 8:15 p.m.•51 views

CVE-2021-3435

Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh

4CVSS4AI score0.00054EPSS

CVE•added 2021/10/12 10:15 p.m.•47 views

CVE-2021-3321

Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= >=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99

8.8CVSS8.2AI score0.00116EPSS

CVE•added 2021/10/05 9:15 p.m.•46 views

CVE-2021-3319

DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions >= > v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/adv...

9.8CVSS8.1AI score0.0042EPSS

CVE•added 2021/10/12 10:15 p.m.•37 views

CVE-2021-3323

Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= >=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc

9.8CVSS9.2AI score0.00413EPSS

CVE•added 2023/02/26 7:15 a.m.•37 views

CVE-2021-3329

Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack

9.6CVSS6.8AI score0.00052EPSS

CVE•added 2021/10/12 10:15 p.m.•37 views

CVE-2021-3330

RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions >= >=2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-94...

8.8CVSS8.1AI score0.00109EPSS

CVE•added 2021/10/05 9:15 p.m.•37 views

CVE-2021-3436

BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions >= 1.14.2, >= 2.4.0, >= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see https://github.com/zephyr...

6.5CVSS5.5AI score0.00315EPSS

CVE•added 2021/10/12 10:15 p.m.•36 views

CVE-2021-3322

Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions >= >=2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3

6.5CVSS6.5AI score0.00095EPSS