Vulnerabilities (CVE)

Filtered by vendor Zephyrproject Subscribe
Total 91 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3432 1 Zephyrproject 1 Zephyr 2024-11-21 5.0 MEDIUM 4.3 MEDIUM
Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions >= v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4
CVE-2021-3431 1 Zephyrproject 1 Zephyr 2024-11-21 5.0 MEDIUM 4.3 MEDIUM
Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9
CVE-2021-3430 1 Zephyrproject 1 Zephyr 2024-11-21 5.0 MEDIUM 6.5 MEDIUM
Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr
CVE-2021-3330 1 Zephyrproject 1 Zephyr 2024-11-21 5.8 MEDIUM 7.1 HIGH
RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions >= >=2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456
CVE-2021-3329 1 Zephyrproject 1 Zephyr 2024-11-21 N/A 9.6 CRITICAL
Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack
CVE-2021-3323 1 Zephyrproject 1 Zephyr 2024-11-21 7.5 HIGH 8.3 HIGH
Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= >=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc
CVE-2021-3322 1 Zephyrproject 1 Zephyr 2024-11-21 3.3 LOW 6.5 MEDIUM
Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions >= >=2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3
CVE-2021-3321 1 Zephyrproject 1 Zephyr 2024-11-21 5.8 MEDIUM 7.5 HIGH
Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= >=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99
CVE-2021-3320 1 Zephyrproject 1 Zephyr 2024-11-21 5.0 MEDIUM 5.9 MEDIUM
Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7
CVE-2021-3319 1 Zephyrproject 1 Zephyr 2024-11-21 7.5 HIGH 6.5 MEDIUM
DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions >= > v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364
CVE-2020-13603 1 Zephyrproject 1 Zephyr 2024-11-21 4.6 MEDIUM 6.9 MEDIUM
Integer Overflow in memory allocating functions. Zephyr versions >= 1.14.2, >= 2.4.0 contain Integer Overflow or Wraparound (CWE-190). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45
CVE-2020-13602 1 Zephyrproject 1 Zephyr 2024-11-21 2.1 LOW 4.0 MEDIUM
Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions >= 1.14.2, >= 2.2.0 contain Improper Input Validation (CWE-20), Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh
CVE-2020-13601 1 Zephyrproject 1 Zephyr 2024-11-21 7.5 HIGH 9.0 CRITICAL
Possible read out of bounds in dns read. Zephyr versions >= 1.14.2, >= 2.3.0 contain Out-of-bounds Read (CWE-125). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44
CVE-2020-13600 1 Zephyrproject 1 Zephyr 2024-11-21 7.2 HIGH 7.0 HIGH
Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr versions >= 1.14.2, >= 2.3.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr
CVE-2020-13599 1 Zephyrproject 1 Zephyr 2024-11-21 2.1 LOW 3.3 LOW
Security problem with settings and littlefs. Zephyr versions >= 1.14.2, >= 2.3.0 contain Incorrect Default Permissions (CWE-276). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q
CVE-2020-13598 1 Zephyrproject 1 Zephyr 2024-11-21 4.6 MEDIUM 6.3 MEDIUM
FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions >= v1.14.2, >= v2.3.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h
CVE-2020-10072 1 Zephyrproject 1 Zephyr 2024-11-21 4.6 MEDIUM 5.9 MEDIUM
Improper Handling of Insufficient Permissions or Privileges in zephyr. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Insufficient Permissions or Privileges (CWE-280). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc
CVE-2020-10071 1 Zephyrproject 1 Zephyr 2024-11-21 7.5 HIGH 9.0 CRITICAL
The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
CVE-2020-10070 1 Zephyrproject 1 Zephyr 2024-11-21 7.5 HIGH 9.0 CRITICAL
In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
CVE-2020-10069 1 Zephyrproject 1 Zephyr 2024-11-21 3.3 LOW 4.3 MEDIUM
Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Parameters (CWE-233). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp