Zephyrproject

Zephyr

106 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.3

CVE-2020-13599

  • EPSS 0.04%
  • Published 25.05.2021 17:15:07
  • Last modified 21.11.2024 05:01:35

Security problem with settings and littlefs. Zephyr versions >= 1.14.2, >= 2.3.0 contain Incorrect Default Permissions (CWE-276). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q

7.6

CVE-2020-13600

  • EPSS 0.05%
  • Published 25.05.2021 17:15:07
  • Last modified 21.11.2024 05:01:35

Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr versions >= 1.14.2, >= 2.3.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86...

9.8

CVE-2020-13601

  • EPSS 0.43%
  • Published 25.05.2021 17:15:07
  • Last modified 21.11.2024 05:01:35

Possible read out of bounds in dns read. Zephyr versions >= 1.14.2, >= 2.3.0 contain Out-of-bounds Read (CWE-125). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44

5.5

CVE-2020-13602

  • EPSS 0.11%
  • Published 25.05.2021 17:15:07
  • Last modified 21.11.2024 05:01:35

Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions >= 1.14.2, >= 2.2.0 contain Improper Input Validation (CWE-20), Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835). For more information, see https://github.com/zephyrpr...

7.8

CVE-2020-13603

  • EPSS 0.06%
  • Published 25.05.2021 17:15:07
  • Last modified 21.11.2024 05:01:35

Integer Overflow in memory allocating functions. Zephyr versions >= 1.14.2, >= 2.4.0 contain Integer Overflow or Wraparound (CWE-190). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45

9.8

CVE-2020-10071

  • EPSS 13.9%
  • Published 05.06.2020 18:15:13
  • Last modified 21.11.2024 04:54:44

The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later v...

8.8

CVE-2020-10061

  • EPSS 0.1%
  • Published 05.06.2020 18:15:12
  • Last modified 21.11.2024 04:54:43

Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions.

9.8

CVE-2020-10062

  • EPSS 5.82%
  • Published 05.06.2020 18:15:12
  • Last modified 21.11.2024 04:54:43

An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.

7.5

CVE-2020-10063

  • EPSS 1.87%
  • Published 05.06.2020 18:15:12
  • Last modified 21.11.2024 04:54:43

A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.

6.5

CVE-2020-10068

  • EPSS 0.08%
  • Published 05.06.2020 18:15:12
  • Last modified 21.11.2024 04:54:44

In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 a...