Zephyrproject

Zephyr

106 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2021-3835

Exploit
  • EPSS 0.12%
  • Published 07.02.2022 22:15:08
  • Last modified 21.11.2024 06:22:34

Buffer overflow in usb device class. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf

7.2

CVE-2021-3861

Exploit
  • EPSS 0.05%
  • Published 07.02.2022 22:15:08
  • Last modified 21.11.2024 06:22:40

The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxv...

7.5

CVE-2021-3454

  • EPSS 0.33%
  • Published 19.10.2021 23:15:07
  • Last modified 21.11.2024 06:21:34

Truncated L2CAP K-frame causes assertion failure. Zephyr versions >= 2.4.0, >= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rto...

7.5

CVE-2021-3455

Exploit
  • EPSS 0.39%
  • Published 19.10.2021 23:15:07
  • Last modified 21.11.2024 06:21:34

Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions >= 2.4.0, >= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v...

6.5

CVE-2021-3322

Exploit
  • EPSS 0.1%
  • Published 12.10.2021 22:15:08
  • Last modified 21.11.2024 06:21:17

Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions >= >=2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r...

9.8

CVE-2021-3323

Exploit
  • EPSS 0.41%
  • Published 12.10.2021 22:15:08
  • Last modified 21.11.2024 06:21:17

Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= >=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j...

8.8

CVE-2021-3330

Exploit
  • EPSS 0.11%
  • Published 12.10.2021 22:15:08
  • Last modified 21.11.2024 06:21:18

RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions >= >=2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/z...

8.8

CVE-2021-3321

Exploit
  • EPSS 0.12%
  • Published 12.10.2021 22:15:07
  • Last modified 21.11.2024 06:21:17

Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= >=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisorie...

9.8

CVE-2021-3319

Exploit
  • EPSS 0.42%
  • Published 05.10.2021 21:15:09
  • Last modified 21.11.2024 06:21:16

DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions >= > v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github...

6.5

CVE-2021-3436

Exploit
  • EPSS 0.32%
  • Published 05.10.2021 21:15:09
  • Last modified 21.11.2024 06:21:30

BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions >= 1.14.2, >= 2.4.0, >= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more in...