6.1
CVE-2026-1681
- EPSS 0.14%
- Veröffentlicht 12.05.2026 05:39:02
- Zuletzt bearbeitet 08.07.2026 13:34:13
- Quelle vulnerabilities@zephyrproject.
- CVE-Watchlists
- Unerledigt
net: Stack Overflow with Ping (to own IP Address) via Shell
Issuing an ICMP ping via the `net ping` shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are processed inline before the current frame returns. The nested input-path frames exceed the work-queue stack and trigger a stack overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zephyrproject ≫ Zephyr Version <= 4.3.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.041 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| vulnerabilities@zephyrproject.org | 6.1 | 1.8 | 4.2 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
|
CWE-674 Uncontrolled Recursion
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-6fcc-8rwr-w7xx