CVE-2022-1042: Out-of-bound write vulnerability in the Bluetooth mesh core stack can be triggered during provisioning
First published: Mon Jul 25 2022(Updated: )
In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning.
Credit: vulnerabilities@zephyrproject.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zephyrproject Zephyr | <=3.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this Zephyr bluetooth mesh core stack vulnerability?
The vulnerability ID of this Zephyr bluetooth mesh core stack vulnerability is CVE-2022-1042.
What is the severity rating of CVE-2022-1042?
CVE-2022-1042 has a severity rating of 8.8 (high).
How can the out-of-bound write vulnerability in the Zephyr bluetooth mesh core stack be triggered?
The out-of-bound write vulnerability in the Zephyr bluetooth mesh core stack can be triggered during provisioning.
Which version of Zephyr is affected by this vulnerability?
Zephyr version up to and including 3.0.0 is affected by this vulnerability.
Is there a fix available for CVE-2022-1042?
Yes, a fix is available for CVE-2022-1042. Please refer to the official advisory for more information.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/title
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/references
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/zephyrproject
- canonical/zephyrproject zephyr
- version/zephyrproject zephyr/3.0.0