Vulnerabilities (CVE)

Filtered by vendor Zephyrproject Subscribe
Total 88 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3434 1 Zephyrproject 1 Zephyr 2024-02-28 4.6 MEDIUM 7.8 HIGH
Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions >= v2.5.0 Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm
CVE-2021-3431 1 Zephyrproject 1 Zephyr 2024-02-28 5.0 MEDIUM 7.5 HIGH
Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9
CVE-2021-3581 1 Zephyrproject 1 Zephyr 2024-02-28 5.8 MEDIUM 8.8 HIGH
Buffer Access with Incorrect Length Value in zephyr. Zephyr versions >= >=2.5.0 contain Buffer Access with Incorrect Length Value (CWE-805). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5
CVE-2021-3330 1 Zephyrproject 1 Zephyr 2024-02-28 5.8 MEDIUM 8.8 HIGH
RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions >= >=2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456
CVE-2021-3322 1 Zephyrproject 1 Zephyr 2024-02-28 3.3 LOW 6.5 MEDIUM
Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions >= >=2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3
CVE-2021-3436 1 Zephyrproject 1 Zephyr 2024-02-28 6.4 MEDIUM 6.5 MEDIUM
BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions >= 1.14.2, >= 2.4.0, >= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63
CVE-2021-3835 1 Zephyrproject 1 Zephyr 2024-02-28 5.8 MEDIUM 8.8 HIGH
Buffer overflow in usb device class. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf
CVE-2021-3454 1 Zephyrproject 1 Zephyr 2024-02-28 5.0 MEDIUM 7.5 HIGH
Truncated L2CAP K-frame causes assertion failure. Zephyr versions >= 2.4.0, >= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3
CVE-2021-3323 1 Zephyrproject 1 Zephyr 2024-02-28 7.5 HIGH 9.8 CRITICAL
Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= >=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc
CVE-2021-3455 1 Zephyrproject 1 Zephyr 2024-02-28 5.0 MEDIUM 7.5 HIGH
Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions >= 2.4.0, >= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp
CVE-2021-3625 1 Zephyrproject 1 Zephyr 2024-02-28 7.5 HIGH 9.8 CRITICAL
Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363
CVE-2021-3861 1 Zephyrproject 1 Zephyr 2024-02-28 7.2 HIGH 6.8 MEDIUM
The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj
CVE-2021-3510 1 Zephyrproject 1 Zephyr 2024-02-28 5.0 MEDIUM 7.5 HIGH
Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4
CVE-2021-3319 1 Zephyrproject 1 Zephyr 2024-02-28 7.5 HIGH 9.8 CRITICAL
DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions >= > v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364
CVE-2021-3321 1 Zephyrproject 1 Zephyr 2024-02-28 5.8 MEDIUM 8.8 HIGH
Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= >=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99
CVE-2020-10069 1 Zephyrproject 1 Zephyr 2024-02-28 3.3 LOW 6.5 MEDIUM
Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Parameters (CWE-233). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp
CVE-2020-13598 1 Zephyrproject 1 Zephyr 2024-02-28 4.6 MEDIUM 7.8 HIGH
FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions >= v1.14.2, >= v2.3.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h
CVE-2020-13600 1 Zephyrproject 1 Zephyr 2024-02-28 7.2 HIGH 7.6 HIGH
Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr versions >= 1.14.2, >= 2.3.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr
CVE-2020-10065 1 Zephyrproject 1 Zephyr 2024-02-28 5.8 MEDIUM 8.8 HIGH
Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c
CVE-2021-3320 1 Zephyrproject 1 Zephyr 2024-02-28 5.0 MEDIUM 7.5 HIGH
Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7