First published: Tue May 25 2021(Updated: )
Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions >= 1.14.2, >= 2.2.0 contain Improper Input Validation (CWE-20), Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh
Credit: vulnerabilities@zephyrproject.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zephyrproject Zephyr | <=1.14.2 | |
Zephyrproject Zephyr | >=2.0.0<=2.2.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2020-13602.
The severity level of CVE-2020-13602 is medium (5.5).
The affected software for CVE-2020-13602 are Zephyr versions >= 1.14.2 and >= 2.2.0.
The CWE IDs associated with CVE-2020-13602 are CWE-20 and CWE-835.
To fix the vulnerability CVE-2020-13602, it is recommended to upgrade to a version of Zephyr that is not affected by this issue.