What is the vulnerability ID?

The vulnerability ID is CVE-2021-3510.

What is the severity of CVE-2021-3510?

The severity of CVE-2021-3510 is high.

What software versions are affected by CVE-2021-3510?

Zephyr versions >=1.14.0 and >=2.5.0 are affected by CVE-2021-3510.

What is the CWE ID associated with CVE-2021-3510?

The CWE ID associated with CVE-2021-3510 is CWE-588.

Where can I find more information about CVE-2021-3510?

You can find more information about CVE-2021-3510 at the following link: http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4

Vulnerability/
CVE-2021-3510

high

7.5

CWE

588

5/10/2021

16/9/2024

CVE-2021-3510: Zephyr JSON decoder incorrectly decodes array of array

First published: Tue Oct 05 2021(Updated: )

Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4

Credit: vulnerabilities@zephyrproject.org

Affected Software	Affected Version	How to fix
Zephyr Project Manager	=1.14.0
Zephyr Project Manager	=1.14.0-rc1
Zephyr Project Manager	=1.14.0-rc2
Zephyr Project Manager	=1.14.0-rc3
Zephyr Project Manager	=1.14.1
Zephyr Project Manager	=1.14.1-rc1
Zephyr Project Manager	=1.14.1-rc2
Zephyr Project Manager	=1.14.1-rc3
Zephyr Project Manager	=1.14.2
Zephyr Project Manager	=1.14.3-rc1
Zephyr Project Manager	=1.14.3-rc2
Zephyr Project Manager	=2.5.0
Zephyr Project Manager	=2.5.0-rc1
Zephyr Project Manager	=2.5.0-rc2
Zephyr Project Manager	=2.5.0-rc3
Zephyr Project Manager	=2.5.0-rc4
Zephyr Project Manager	=2.5.1-rc1
Zephyr Project Manager	=2.6.0
Zephyr Project Manager	=2.6.0-rc1
Zephyr Project Manager	=2.6.0-rc2
Zephyr Project Manager	=2.6.0-rc3
Zephyr Project Manager	=2.6.1-rc1

Remedy

http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4

Never miss a vulnerability like this again

Reference Links

http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is CVE-2021-3510.
What is the severity of CVE-2021-3510?
The severity of CVE-2021-3510 is high.
What software versions are affected by CVE-2021-3510?
Zephyr versions >=1.14.0 and >=2.5.0 are affected by CVE-2021-3510.
What is the CWE ID associated with CVE-2021-3510?
The CWE ID associated with CVE-2021-3510 is CWE-588.
Where can I find more information about CVE-2021-3510?
You can find more information about CVE-2021-3510 at the following link: http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4

agent/type
agent/softwarecombine
agent/weakness
agent/remedy
agent/severity
agent/author
agent/references
agent/title
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/zephyrproject
canonical/zephyr project manager
version/zephyr project manager/1.14.0
version/zephyr project manager/1.14.0-rc1
version/zephyr project manager/1.14.0-rc2
version/zephyr project manager/1.14.0-rc3
version/zephyr project manager/1.14.1
version/zephyr project manager/1.14.1-rc1
version/zephyr project manager/1.14.1-rc2
version/zephyr project manager/1.14.1-rc3
version/zephyr project manager/1.14.2
version/zephyr project manager/1.14.3-rc1
version/zephyr project manager/1.14.3-rc2
version/zephyr project manager/2.5.0
version/zephyr project manager/2.5.0-rc1
version/zephyr project manager/2.5.0-rc2
version/zephyr project manager/2.5.0-rc3
version/zephyr project manager/2.5.0-rc4
version/zephyr project manager/2.5.1-rc1
version/zephyr project manager/2.6.0
version/zephyr project manager/2.6.0-rc1
version/zephyr project manager/2.6.0-rc2
version/zephyr project manager/2.6.0-rc3
version/zephyr project manager/2.6.1-rc1