Zephyrproject

Zephyr

114 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2020-13601

  • EPSS 0.43%
  • Veröffentlicht 25.05.2021 17:15:07
  • Zuletzt bearbeitet 21.11.2024 05:01:35

Possible read out of bounds in dns read. Zephyr versions >= 1.14.2, >= 2.3.0 contain Out-of-bounds Read (CWE-125). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44

5.5

CVE-2020-13602

  • EPSS 0.11%
  • Veröffentlicht 25.05.2021 17:15:07
  • Zuletzt bearbeitet 21.11.2024 05:01:35

Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions >= 1.14.2, >= 2.2.0 contain Improper Input Validation (CWE-20), Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835). For more information, see https://github.com/zephyrpr...

7.8

CVE-2020-13603

  • EPSS 0.06%
  • Veröffentlicht 25.05.2021 17:15:07
  • Zuletzt bearbeitet 21.11.2024 05:01:35

Integer Overflow in memory allocating functions. Zephyr versions >= 1.14.2, >= 2.4.0 contain Integer Overflow or Wraparound (CWE-190). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45

9.8

CVE-2020-10071

  • EPSS 13.9%
  • Veröffentlicht 05.06.2020 18:15:13
  • Zuletzt bearbeitet 21.11.2024 04:54:44

The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later v...

8.8

CVE-2020-10061

  • EPSS 0.1%
  • Veröffentlicht 05.06.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 04:54:43

Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions.

9.8

CVE-2020-10062

  • EPSS 5.82%
  • Veröffentlicht 05.06.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 04:54:43

An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.

7.5

CVE-2020-10063

  • EPSS 1.87%
  • Veröffentlicht 05.06.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 04:54:43

A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.

6.5

CVE-2020-10068

  • EPSS 0.08%
  • Veröffentlicht 05.06.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 04:54:44

In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 a...

9.8

CVE-2020-10070

  • EPSS 6.47%
  • Veröffentlicht 05.06.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 04:54:44

In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.

6.5

CVE-2020-10060

  • EPSS 2.97%
  • Veröffentlicht 11.05.2020 23:15:12
  • Zuletzt bearbeitet 21.11.2024 04:54:43

In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result...