CVE List

CVE-2020-10071

Severe 9.8

The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.

Published June 5, 2020.

Affected software

Get alerts for Zephyrproject Zephyr

Reference links