Vulnerabilities (CVE)

Filtered by vendor Zephyrproject Subscribe
Filtered by product Zephyr
Total 91 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-10058 1 Zephyrproject 1 Zephyr 2024-02-28 4.6 MEDIUM 7.8 HIGH
Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions.
CVE-2020-10062 1 Zephyrproject 1 Zephyr 2024-02-28 7.5 HIGH 9.8 CRITICAL
An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
CVE-2020-10063 1 Zephyrproject 1 Zephyr 2024-02-28 5.0 MEDIUM 7.5 HIGH
A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
CVE-2020-10067 1 Zephyrproject 1 Zephyr 2024-02-28 7.2 HIGH 7.8 HIGH
A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.
CVE-2020-10070 1 Zephyrproject 1 Zephyr 2024-02-28 7.5 HIGH 9.8 CRITICAL
In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
CVE-2020-10022 1 Zephyrproject 1 Zephyr 2024-02-28 7.5 HIGH 9.8 CRITICAL
A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case. See NCC-NCC-016 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions.
CVE-2020-10061 1 Zephyrproject 1 Zephyr 2024-02-28 5.8 MEDIUM 8.8 HIGH
Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions.
CVE-2017-14201 1 Zephyrproject 1 Zephyr 2024-02-28 4.6 MEDIUM 7.8 HIGH
Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all.
CVE-2017-14202 1 Zephyrproject 1 Zephyr 2024-02-28 4.6 MEDIUM 7.8 HIGH
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all.
CVE-2017-14199 1 Zephyrproject 1 Zephyr 2024-02-28 7.5 HIGH 9.8 CRITICAL
A buffer overflow has been found in the Zephyr Project's getaddrinfo() implementation in 1.9.0 and 1.10.0.
CVE-2018-1000800 1 Zephyrproject 1 Zephyr 2024-02-28 7.5 HIGH 9.8 CRITICAL
zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(), sys_ring_buf_get() that can result in CPU Page Fault (error code 0x00000010). This attack appear to be exploitable via a malicious application call the vulnerable kernel APIs (system sys_ring_buf_get() and sys_ring_buf_put).