First published: Mon Sep 25 2023(Updated: )
In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee.
Credit: vulnerabilities@zephyrproject.org vulnerabilities@zephyrproject.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zephyrproject Zephyr | <3.4.0 | |
<3.4.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2023-4258.
CVE-2023-4258 has a severity rating of 6.5 (high).
The Zephyrproject Zephyr software versions up to exclusive version 3.4.0 are affected by CVE-2023-4258.
CVE-2023-4258 has a CWE ID of 684.
You can find more information about CVE-2023-4258 in the following link: [CVE-2023-4258](https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-m34c-cp63-rwh7).