CVE-2020-10064: Buffer Overflow
First published: Tue May 25 2021(Updated: )
Improper Input Frame Validation in ieee802154 Processing. Zephyr versions >= v1.14.2, >= v2.2.0 contain Stack-based Buffer Overflow (CWE-121), Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7
Credit: vulnerabilities@zephyrproject.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zephyrproject Zephyr | <=1.14.2 | |
| Zephyrproject Zephyr | >=2.0.0<=2.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-10064?
CVE-2020-10064 refers to a vulnerability that exists in Zephyr versions >= v1.14.2 and >= v2.2.0, which can lead to stack-based and heap-based buffer overflow.
What is the severity of CVE-2020-10064?
CVE-2020-10064 has a severity level of 9.8 (critical).
How does CVE-2020-10064 affect Zephyr software?
CVE-2020-10064 affects Zephyr versions >= v1.14.2 and >= v2.2.0. It introduces stack-based and heap-based buffer overflow vulnerabilities.
What is the Common Weakness Enumeration (CWE) ID for CVE-2020-10064?
CVE-2020-10064 is associated with CWE-121 (Stack-based Buffer Overflow) and CWE-122 (Heap-based Buffer Overflow).
How can I get more information about CVE-2020-10064?
For more information about CVE-2020-10064, you can visit the advisory page at http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7
- collector/nvd-index
- vendor/zephyrproject
- canonical/zephyrproject zephyr
- version/zephyrproject zephyr/1.14.2
- version/zephyrproject zephyr/2.0.0
- version/zephyrproject zephyr/2.2.0