Zephyr Security Vulnerabilities and Issues — Zephyr CVE List

Lucene search

ZephyrprojectZephyr

11 matches found

CVE•added 2021/10/19 11:15 p.m.•87 views

CVE-2021-3454

Truncated L2CAP K-frame causes assertion failure. Zephyr versions >= 2.4.0, >= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29...

7.5CVSS5.9AI score0.00334EPSS

CVE•added 2021/10/19 11:15 p.m.•81 views

CVE-2021-3455

Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions >= 2.4.0, >= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp

7.5CVSS6AI score0.00393EPSS

CVE•added 2021/10/05 9:15 p.m.•49 views

CVE-2021-3625

Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363

9.8CVSS9.7AI score0.05556EPSS

CVE•added 2021/10/12 10:15 p.m.•46 views

CVE-2021-3321

Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= >=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99

8.8CVSS8.2AI score0.00116EPSS

CVE•added 2021/10/05 9:15 p.m.•45 views

CVE-2021-3319

DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions >= > v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/adv...

9.8CVSS8.1AI score0.0042EPSS

CVE•added 2021/10/05 9:15 p.m.•38 views

CVE-2021-3510

Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4

7.5CVSS7.5AI score0.00334EPSS

CVE•added 2021/10/05 9:15 p.m.•37 views

CVE-2021-3581

Buffer Access with Incorrect Length Value in zephyr. Zephyr versions >= >=2.5.0 contain Buffer Access with Incorrect Length Value (CWE-805). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5

8.8CVSS7.9AI score0.00151EPSS

CVE•added 2021/10/12 10:15 p.m.•36 views

CVE-2021-3323

Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= >=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc

9.8CVSS9.2AI score0.00413EPSS

CVE•added 2021/10/12 10:15 p.m.•36 views

CVE-2021-3330

RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions >= >=2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-94...

8.8CVSS8.1AI score0.00109EPSS

CVE•added 2021/10/05 9:15 p.m.•36 views

CVE-2021-3436

BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions >= 1.14.2, >= 2.4.0, >= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see https://github.com/zephyr...

6.5CVSS5.5AI score0.00315EPSS

CVE•added 2021/10/12 10:15 p.m.•35 views

CVE-2021-3322

Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions >= >=2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3

6.5CVSS6.5AI score0.00095EPSS