CVE-2021-3835: Buffer overflow in usb device class
First published: Sat Oct 02 2021(Updated: )
Buffer overflow in usb device class. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf
Credit: vulnerabilities@zephyrproject.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zephyrproject Zephyr | >=2.6.0<2.7.1 | |
| Zephyrproject Zephyr | =3.0.0-rc1 | |
| Zephyrproject Zephyr | =3.0.0-rc2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-3835?
CVE-2021-3835 is a vulnerability related to a buffer overflow in the USB device class in Zephyr versions >= v2.6.0.
What is the severity of CVE-2021-3835?
The severity of CVE-2021-3835 is high, with a severity value of 8.8.
How does CVE-2021-3835 impact Zephyr?
CVE-2021-3835 can lead to a heap-based buffer overflow in Zephyr versions >= v2.6.0.
Which software versions are affected by CVE-2021-3835?
Zephyr versions >= v2.6.0 and Zephyr 3.0.0-rc1 and 3.0.0-rc2 are affected by CVE-2021-3835.
How can I fix CVE-2021-3835?
To fix CVE-2021-3835, update Zephyr to a version that is not affected by the vulnerability.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/title
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/zephyrproject
- canonical/zephyrproject zephyr
- version/zephyrproject zephyr/2.6.0
- version/zephyrproject zephyr/3.0.0-rc1
- version/zephyrproject zephyr/3.0.0-rc2