First published: Mon Feb 07 2022
The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain a heap-based buffer overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj
Credit: vulnerabilities@zephyrproject.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zephyrproject Zephyr | >=2.6.0, <=2.7.1 | |
CVE-2021-3861 is a buffer overflow vulnerability in the RNDIS USB device class. Zephyr versions >= v2.6.0 are affected.
The severity of CVE-2021-3861 is high with a CVSS score of 6.8.
CVE-2021-3861 affects Zephyr versions greater than or equal to v2.6.0.
CVE-2021-3861 is associated with CWE IDs 119, 787, and 122.
You can find more information about CVE-2021-3861 at the following link: http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj