Zephyrproject Zephyr

27 matches found

added 2020/06/05 6:15 p.m. (105 views)

CVE-2020-10071

The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.

CVSS 9.8, AI score 10, EPSS 0.13899

added 2020/06/05 6:15 p.m. (104 views)

CVE-2020-10062

An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.

CVSS 9.8, AI score 9.8, EPSS 0.05817

added 2020/06/05 6:15 p.m. (104 views)

CVE-2020-10070

In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.

CVSS 9.8, AI score 9.9, EPSS 0.06474

added 2023/10/13 10:15 p.m. (93 views)

CVE-2023-4257

Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.

CVSS 9.8, AI score 8.8, EPSS 0.00433

added 2024/02/19 10:15 p.m. (73 views)

CVE-2024-1638

The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GATT_PERM_WRITE_LESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. If set, requires that LE Secure Connections is used for read/write access, however this is only true ...

CVSS 9.1, AI score 8.2, EPSS 0.00217

added 2022/12/12 1:50 a.m. (59 views)

CVE-2022-2993

There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet.

CVSS 9.8, AI score 9.3, EPSS 0.00109

added 2024/11/15 11:15 p.m. (56 views)

CVE-2024-11263

When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols.

CVSS 9.3, AI score 9.3, EPSS 0.0003

added 2025/02/25 8:15 a.m. (56 views)

CVE-2025-1675

The function dns_copy_qname in dns_pack.c performs a memcpy operation with an untrusted field and does not check if the source buffer is large enough to contain the copied data.

CVSS 9.1, AI score 7.2, EPSS 0.00119

added 2020/05/11 11:15 p.m. (52 views)

CVE-2020-10022

A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case. See NCC-NCC-016 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later ve...

CVSS 9.8, AI score 9.6, EPSS 0.01697

added 2021/10/05 9:15 p.m. (49 views)

CVE-2021-3625

Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363

CVSS 9.8, AI score 9.7, EPSS 0.05556

added 2021/10/05 9:15 p.m. (45 views)

CVE-2021-3319

DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions >= > v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/adv...

CVSS 9.8, AI score 8.1, EPSS 0.0042

added 2023/10/06 9:15 p.m. (45 views)

CVE-2023-3725

Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem

CVSS 9.8, AI score 9, EPSS 0.00562

added 2023/11/21 6:15 p.m. (44 views)

CVE-2023-5055

Possible variant of CVE-2021-3434 in function le_ecred_reconf_req.

CVSS 9.8, AI score 6.3, EPSS 0.00496

added 2019/04/12 5:29 p.m. (42 views)

CVE-2017-14199

A buffer overflow has been found in the Zephyr Project's getaddrinfo() implementation in 1.9.0 and 1.10.0.

CVSS 9.8, AI score 9.6, EPSS 0.00548

added 2024/02/18 8:15 a.m. (41 views)

CVE-2023-6249

Signed to unsigned conversion in esp32_ipm_send

CVSS 9.8, AI score 7.8, EPSS 0.00233

added 2023/01/19 6:15 a.m. (40 views)

CVE-2023-0397

A malicious or defective Bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete.

CVSS 9.6, AI score 6.7, EPSS 0.00031

added 2024/02/18 8:15 a.m. (40 views)

CVE-2023-5779

can: out of bounds in remove_rx_filter function

CVSS 9.8, AI score 4.8, EPSS 0.00095

added 2018/09/06 5:29 p.m. (36 views)

CVE-2018-1000800

zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(), sys_ring_buf_get() that can result in CPU Page Fault (error code 0x00000010). This attack appears to be exploitable via a malicious application calling the vulnerable kernel APIs (system sys_ring_buf_...

CVSS 9.8, AI score 9, EPSS 0.00372

added 2021/10/12 10:15 p.m. (36 views)

CVE-2021-3323

Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= 2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc

CVSS 9.8, AI score 9.2, EPSS 0.00413

added 2023/02/26 7:15 a.m. (36 views)

CVE-2021-3329

Lack of proper validation in HCI Host stack initialization can cause a crash of the Bluetooth stack.

CVSS 9.6, AI score 6.8, EPSS 0.00052

added 2023/01/11 5:15 a.m. (34 views)

CVE-2021-3966

The USB device Bluetooth class includes a buffer overflow related to the implementation of net_buf_add_mem.

CVSS 9.6, AI score 9, EPSS 0.00055

added 2023/01/25 2:1 a.m. (34 views)

CVE-2022-3806

Inconsistent handling of error cases in Bluetooth HCI may lead to a double free condition of a network buffer.

CVSS 9.8, AI score 9.5, EPSS 0.00098

added 2021/05/25 5:15 p.m. (33 views)

CVE-2020-13601

Possible read out of bounds in dns read. Zephyr versions >= 1.14.2, >= 2.3.0 contain Out-of-bounds Read (CWE-125). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44

CVSS 9.8, AI score 9.3, EPSS 0.00433

added 2024/02/18 7:15 a.m. (32 views)

CVE-2023-6749

Unchecked length coming from user input in settings shell

CVSS 9.8, AI score 7.9, EPSS 0.00233

added 2021/05/25 5:15 p.m. (31 views)

CVE-2020-10064

Improper Input Frame Validation in ieee802154 Processing. Zephyr versions >= v1.14.2, >= v2.2.0 contain Stack-based Buffer Overflow (CWE-121), Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7

CVSS 9.8, AI score 9.3, EPSS 0.00438

added 2023/09/27 3:19 p.m. (29 views)

CVE-2023-4264

Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem.

CVSS 9.6, AI score 8.7, EPSS 0.00231

added 2024/02/29 1:42 a.m. (27 views)

CVE-2023-6881

Possible buffer overflow in is_mount_point

CVSS 9.8, AI score 7.4, EPSS 0.00323