Zephyrproject Zephyr

26 matches found

added 2020/06/05 6:15 p.m. | 102 views

CVE-2020-10061

Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions.

CVSS 8.8 | AI score 8.5 | EPSS 0.00097

added 2023/09/25 10:15 p.m. | 95 views

CVE-2023-4258

In the Bluetooth mesh implementation, if the provisionee has a public key that is sent OOB, then during provisioning it can be sent back and will be accepted by the provisionee.

CVSS 8.6 | AI score 7.4 | EPSS 0.00166

added 2023/09/26 12:15 a.m. | 93 views

CVE-2023-4259

Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code.

CVSS 8.8 | AI score 8.3 | EPSS 0.00174

added 2023/10/13 9:15 p.m. | 90 views

CVE-2023-4263

Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver

CVSS 8.8 | AI score 8.4 | EPSS 0.00084

added 2023/07/10 4:15 p.m. | 77 views

CVE-2023-1901

The Bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.

CVSS 8 | AI score 6.4 | EPSS 0.00209

added 2025/02/25 7:15 a.m. | 66 views

CVE-2025-1673

A malicious or malformed DNS packet without a payload can cause an out-of-bounds read, resulting in a crash (denial of service) or an incorrect computation.

CVSS 8.2 | AI score 7 | EPSS 0.00222

added 2025/02/25 8:15 a.m. | 65 views

CVE-2025-1674

A lack of input validation allows for out of bounds reads caused by malicious or malformed packets.

CVSS 8.2 | AI score 7.1 | EPSS 0.00109

added 2020/05/11 11:15 p.m. | 62 views

CVE-2020-10060

In updatehub_probe, right after JSON parsing is complete, objects[1] is accessed from the output structure in two different places. If the JSON contained fewer than two elements, this access would reference uninitialized stack memory. This could result in a crash, denial of service, or possibly an inf...

CVSS 8 | AI score 5.7 | EPSS 0.02972

added 2020/05/11 11:15 p.m. | 58 views

CVE-2020-10019

USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. This could be used by a malicious USB host to exploit the buffer overflow. See NCC-ZEP-002. This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2....

CVSS 8.1 | AI score 8 | EPSS 0.00089

added 2020/05/11 11:15 p.m. | 57 views

CVE-2020-10021

Out-of-bounds write in the USB Mass Storage memoryWrite handler with unaligned sizes. See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026. This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions, and version 2.1.0 and later versions.

CVSS 8.1 | AI score 7.8 | EPSS 0.00077

added 2022/10/31 6:15 p.m. | 57 views

CVE-2022-2741

The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. The frame must have a CAN ID matching an installed filter in the vulnerable node (this can easily be guessed based on CAN traffic analyses). The frame must contain th...

CVSS 8.2 | AI score 7.7 | EPSS 0.00069

added 2022/07/26 5:15 a.m. | 55 views

CVE-2022-1041

In the Zephyr Bluetooth mesh core stack, an out-of-bounds write vulnerability can be triggered during provisioning.

CVSS 8.8 | AI score 8.6 | EPSS 0.00053

added 2024/03/15 7:15 p.m. | 53 views

CVE-2023-7060

Zephyr OS IP packet handling does not properly drop IP packets arriving on an external interface with a source address equal to 127.0.0.1 or the destination address.

CVSS 8.6 | AI score 8.6 | EPSS 0.00195

added 2022/07/26 5:15 a.m. | 51 views

CVE-2022-1042

In the Zephyr Bluetooth mesh core stack, an out-of-bounds write vulnerability can be triggered during provisioning.

CVSS 8.8 | AI score 8.6 | EPSS 0.00053

added 2022/02/07 10:15 p.m. | 49 views

CVE-2021-3835

Buffer overflow in the USB device class. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf

CVSS 8.8 | AI score 8.8 | EPSS 0.00116

added 2021/10/12 10:15 p.m. | 46 views

CVE-2021-3321

Integer Underflow in Zephyr in IEEE 802.15.4 Fragment Reassembly Header Removal. Zephyr versions >= 2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99

CVSS 8.8 | AI score 8.2 | EPSS 0.00116

added 2022/02/07 10:15 p.m. | 45 views

CVE-2021-3861

The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj

CVSS 8.2 | AI score 7.2 | EPSS 0.00049

added 2023/09/27 6:15 p.m. | 42 views

CVE-2023-5184

Two potential signed to unsigned conversion errors and buffer overflow vulnerabilities at the following locations in the Zephyr IPM drivers.

CVSS 8.8 | AI score 8.3 | EPSS 0.00295

added 2024/09/13 7:15 p.m. | 38 views

CVE-2024-5754

BT: Encryption procedure host vulnerability

CVSS 8.2 | AI score 7.3 | EPSS 0.00041

added 2021/10/05 9:15 p.m. | 37 views

CVE-2021-3581

Buffer Access with Incorrect Length Value in Zephyr. Zephyr versions >= 2.5.0 contain Buffer Access with Incorrect Length Value (CWE-805). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5

CVSS 8.8 | AI score 7.9 | EPSS 0.00151

added 2021/10/12 10:15 p.m. | 36 views

CVE-2021-3330

RCE/DoS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions >= 2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-94...

CVSS 8.8 | AI score 8.1 | EPSS 0.00109

added 2021/05/25 5:15 p.m. | 34 views

CVE-2020-10065

Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c

CVSS 8.8 | AI score 6.4 | EPSS 0.00205

added 2023/07/10 4:15 p.m. | 31 views

CVE-2023-2234

Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host.

CVSS 8.8 | AI score 7.7 | EPSS 0.00039

added 2023/07/10 4:15 p.m. | 30 views

CVE-2023-1902

The Bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.

CVSS 8 | AI score 6.3 | EPSS 0.00169

added 2023/10/25 6:17 p.m. | 27 views

CVE-2023-5753

Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c

CVSS 8.8 | AI score 7.5 | EPSS 0.00231

added 2023/11/21 7:15 a.m. | 25 views

CVE-2023-4424

A malicious BLE device can cause a buffer overflow by sending a malformed advertising packet to a BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device.

CVSS 8.8 | AI score 8.9 | EPSS 0.00135