Summary
Detail | |||
---|---|---|---|
Vendor | Zephyrproject | First view | 2020-05-11 |
Product | Zephyr | Last view | 2023-11-21 |
Version | 1.14.0 | Type | Os |
Update | rc1 | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:o:zephyrproject:zephyr |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
9.8 | 2023-11-21 | CVE-2023-5055 | Possible variant of CVE-2021-3434 in function le_ecred_reconf_req. |
8.8 | 2023-11-21 | CVE-2023-4424 | An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device. |
7.8 | 2023-10-26 | CVE-2023-5139 | Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver |
8.8 | 2023-10-25 | CVE-2023-5753 | Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c |
7.5 | 2023-10-13 | CVE-2023-5563 | The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception. |
8.8 | 2023-10-13 | CVE-2023-4263 | Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver |
9.8 | 2023-10-13 | CVE-2023-4257 | Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows. |
9.8 | 2023-10-06 | CVE-2023-3725 | Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem |
8.8 | 2023-09-27 | CVE-2023-5184 | Â Two potential signed to unsigned conversion errors and buffer overflow vulnerabilities at the following locations in the Zephyr IPM drivers. |
9.6 | 2023-09-27 | CVE-2023-4264 | Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem. |
10 | 2023-09-27 | CVE-2023-4262 | Possible buffer overflow in Zephyr mgmt subsystem when asserts are disabled |
10 | 2023-09-27 | CVE-2023-4260 | Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system. |
8.8 | 2023-09-26 | CVE-2023-4259 | Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code. |
6.5 | 2023-09-25 | CVE-2023-4258 | In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee. |
6.8 | 2023-08-12 | CVE-2023-4265 | Potential buffer overflow vulnerabilities in the following locations: |
8.8 | 2023-07-10 | CVE-2023-2234 | Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host. |
8 | 2023-07-10 | CVE-2023-1902 | The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer. |
8 | 2023-07-10 | CVE-2023-1901 | The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer. |
7.5 | 2023-07-10 | CVE-2023-0359 | A missing nullptr-check in handle_ra_input can cause a nullptr-deref. |
7.7 | 2023-05-30 | CVE-2023-0779 | At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible. |
6.8 | 2023-01-25 | CVE-2023-0396 | A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses. |
9.8 | 2023-01-25 | CVE-2022-3806 | Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer. |
6.5 | 2023-01-19 | CVE-2023-0397 | A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete. |
4.6 | 2023-01-11 | CVE-2022-0553 | There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily. |
8.8 | 2023-01-11 | CVE-2021-3966 | usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
28% (17) | CWE-787 | Out-of-bounds Write |
23% (14) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
10% (6) | CWE-476 | NULL Pointer Dereference |
5% (3) | CWE-617 | Reachable Assertion |
3% (2) | CWE-416 | Use After Free |
3% (2) | CWE-193 | Off-by-one Error |
3% (2) | CWE-191 | Integer Underflow (Wrap or Wraparound) |
3% (2) | CWE-190 | Integer Overflow or Wraparound |
3% (2) | CWE-125 | Out-of-bounds Read |
3% (2) | CWE-20 | Improper Input Validation |
1% (1) | CWE-681 | Incorrect Conversion between Numeric Types |
1% (1) | CWE-665 | Improper Initialization |
1% (1) | CWE-415 | Double Free |
1% (1) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
1% (1) | CWE-369 | Divide By Zero |
1% (1) | CWE-319 | Cleartext Transmission of Sensitive Information |
1% (1) | CWE-276 | Incorrect Default Permissions |
1% (1) | CWE-131 | Incorrect Calculation of Buffer Size |