Latest zephyrproject zephyr Vulnerabilities

CVE-2023-5055
L2CAP: Possible Stack based buffer overflow in le_ecred_reconf_req()
Zephyrproject Zephyr<=3.4.0
CVE-2023-4424
bt: hci: DoS and possible RCE
Zephyrproject Zephyr<=3.4.0
CVE-2023-5139
Potential buffer overflow vulnerability in the Zephyr STM32 Crypto driver
Zephyrproject Zephyr<=3.4.0
CVE-2023-5753
Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem
Zephyrproject Zephyr<=3.4.0
CVE-2023-4257
Unchecked user input length in the Zephyr WiFi shell module
<=3.4.0
Zephyrproject Zephyr<=3.4.0
CVE-2023-4263
Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver
Zephyrproject Zephyr<=3.4.0
CVE-2023-5563
The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, ca...
Zephyrproject Zephyr<=3.4.0
CVE-2023-3725
Potential buffer overflow vulnerability in the Zephyr CANbus subsystem
Zephyrproject Zephyr<=3.4.0
CVE-2023-5184
Potential signed to unsigned conversion errors and buffer overflow vulnerabilities in the Zephyr IPM driver
Zephyrproject Zephyr<=3.4.0
CVE-2023-4260
Potential off-by-one buffer overflow vulnerability in the Zephyr FS subsystem
Zephyrproject Zephyr<=3.4.0
CVE-2023-4264
Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem
Zephyrproject Zephyr<=3.4.0
CVE-2023-4262
Potential buffer overflow vulnerabilities in the Zephyr Mgmt subsystem
Zephyrproject Zephyr<=3.4.0
CVE-2023-4259
Potential buffer overflow vulnerabilities in the Zephyr eS-WiFi driver
Zephyrproject Zephyr<=3.4.0
CVE-2023-4258
In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee.
Zephyrproject Zephyr<3.4.0
CVE-2023-4265
Buffer overflow in Zephyr USB
Zephyrproject Zephyr<=3.3.0
CVE-2023-0359
A missing nullptr-check in handle_ra_input can cause a nullptr-deref.
Zephyrproject Zephyr<=3.2.0
CVE-2023-1901
The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference...
Zephyrproject Zephyr<=3.3.0
CVE-2023-1902
The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in ...
Zephyrproject Zephyr<=3.3.0
CVE-2023-2234
Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host.
Zephyrproject Zephyr<=3.3.0
CVE-2023-0779
At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible.
Zephyrproject Zephyr<=3.2.0
CVE-2021-3329
Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack
Zephyrproject Zephyr=2.4.0
Zephyrproject Zephyr=2.4.0-rc1
Zephyrproject Zephyr=2.4.0-rc2
Zephyrproject Zephyr=2.4.0-rc3
CVE-2023-0397
Zephyrproject Zephyr<=3.2.0
CVE-2021-3966
usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem.
Zephyrproject Zephyr<3.0.0
CVE-2022-0553
There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily.
Zephyrproject Zephyr<3.0.0
CVE-2022-2993
There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet.
Zephyrproject Zephyr<=3.1.0
CVE-2022-2741
The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. The frame must have a CAN ID matching an installed filter in the vu...
Zephyrproject Zephyr<=3.1.0
CVE-2022-1841
In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero.
Zephyrproject Zephyr<=3.0.0
CVE-2022-1041
In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning.
Zephyrproject Zephyr<=3.0.0
CVE-2022-1042
Zephyrproject Zephyr<=3.0.0
CVE-2021-3432
Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions >= v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisori...
Zephyrproject Zephyr>=1.14.0<2.6.0
CVE-2021-3433
Invalid channel map in CONNECT_IND results to Deadlock. Zephyr versions >= v2.5.0 Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see https://github.com/zephyrpro...
Zephyrproject Zephyr>=2.5.0<2.6.0
CVE-2021-3435
Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisorie...
Zephyrproject Zephyr>=2.4.0<2.6.0
CVE-2021-3434
Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions >= v2.5.0 Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/adv...
Zephyrproject Zephyr>=2.5.0<2.6.0
CVE-2021-3431
Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advis...
Zephyrproject Zephyr>=2.5.0<2.6.0
CVE-2021-3861
The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-...
Zephyrproject Zephyr>=2.6.0<=2.7.1
CVE-2021-3835
Buffer overflow in usb device class. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/...
Zephyrproject Zephyr>=2.6.0<2.7.1
Zephyrproject Zephyr=3.0.0-rc1
Zephyrproject Zephyr=3.0.0-rc2
CVE-2021-3454
Truncated L2CAP K-frame causes assertion failure. Zephyr versions >= 2.4.0, >= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more inf...
Zephyrproject Zephyr>=2.4.0<2.6.0
CVE-2021-3455
Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions >= 2.4.0, >= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrprojec...
Zephyrproject Zephyr>=2.4.0<2.6.0
CVE-2021-3322
Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions >= >=2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproj...
Zephyrproject Zephyr>=2.4.0<2.5.0
CVE-2021-3323
Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= >=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zeph...
Zephyrproject Zephyr>=2.4.0<2.5.0
CVE-2021-3330
RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions >= >=2.4.0 contain Out-of-bounds Write (CWE-787). For more inform...
Zephyrproject Zephyr>=2.4.0<2.5.0
CVE-2021-3321
Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= >=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://githu...
Zephyrproject Zephyr>=2.4.0<2.5.0
CVE-2021-3436
BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions >= 1.14.2, >= 2.4.0, >= 2.5.0 contain Use of Multiple Resource...
Zephyrproject Zephyr=1.14.2
Zephyrproject Zephyr=2.4.0
Zephyrproject Zephyr=2.5.0
CVE-2021-3581
Buffer Access with Incorrect Length Value in zephyr. Zephyr versions >= >=2.5.0 contain Buffer Access with Incorrect Length Value (CWE-805). For more information, see https://github.com/zephyrproject-...
Zephyrproject Zephyr>=2.5.0<2.6.0
CVE-2021-3510
Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://gi...
Zephyrproject Zephyr=1.14.0
Zephyrproject Zephyr=1.14.0-rc1
Zephyrproject Zephyr=1.14.0-rc2
Zephyrproject Zephyr=1.14.0-rc3
Zephyrproject Zephyr=1.14.1
Zephyrproject Zephyr=1.14.1-rc1
and 16 more
CVE-2021-3625
Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/adviso...
Zephyrproject Zephyr>=2.5.0<2.7.0
CVE-2021-3319
DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions >= > v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (...
Zephyrproject Zephyr>=2.4.0<2.5.0
CVE-2021-3320
Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advi...
Zephyrproject Zephyr>=2.0.0<=2.4.0
CVE-2020-10064
Improper Input Frame Validation in ieee802154 Processing. Zephyr versions >= v1.14.2, >= v2.2.0 contain Stack-based Buffer Overflow (CWE-121), Heap-based Buffer Overflow (CWE-122). For more informatio...
Zephyrproject Zephyr<=1.14.2
Zephyrproject Zephyr>=2.0.0<=2.2.0
CVE-2020-13602
Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions >= 1.14.2, >= 2.2.0 contain Improper Input Validation (CWE-20), Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835). For...
Zephyrproject Zephyr<=1.14.2
Zephyrproject Zephyr>=2.0.0<=2.2.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203