CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS
Percentile
41.6%
libzephyr.so is vulnerable to Buffer Overflow. The vulnerability is caused by the insecure use of the sprintf()
function. If the path parameter is PATH_MAX
characters long, the sprintf()
function will write one NULL byte off the stack variable mount_path
. When the path parameter is attacker-controlled and crosses a security boundary, the attacker is able to exploit this vulnerability to cause a denial of service attacks or even execute arbitrary code.
packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html
seclists.org/fulldisclosure/2023/Nov/1
www.openwall.com/lists/oss-security/2023/11/07/1
github.com/zephyrproject-rtos/zephyr/commit/3521c95c2fb6b9befc1ae782ef9e9eb47ca31dae
github.com/zephyrproject-rtos/zephyr/pull/63079
github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gj27-862r-55wh