CVE-2020-10069

EPSS 0.1%
Published 25.05.2021 17:15:07
Last modified 21.11.2024 04:54:44
Source vulnerabilities@zephyrproject.
Teams watchlist Login
Open Login

Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Parameters (CWE-233). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Zephyrproject ≫ Zephyr Version <= 1.14.2

Zephyrproject ≫ Zephyr Version >= 2.0.0 <= 2.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.1%	0.24

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:N/I:N/A:P
vulnerabilities@zephyrproject.org	4.3	2.8	1.4	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-233 Improper Handling of Parameters

The product does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined.

http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-10069

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-10069

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-10069

EUVD