Zephyr
Buffer overflow in Zephyr RTOS dns_unpack_name() function causing OOB writes. PoC available.
Device unique identifiers in the preloader of OpenWrt, Android, Yocto, RDK-B, and Zephyr can be read by attackers with physical access due to a logic error, leading to local information disclosure without requiring additional privileges or user interaction. This vulnerability affects multiple embedded and IoT platforms where the preloader executes before operating system initialization. No patch is currently available for this issue.
In gnss service, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability has low attack complexity. No vendor patch available.
In gnss service, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability has low attack complexity. No vendor patch available.
Unsafe handling in bt_conn_tx_processor causes a use-after-free, resulting in a write-before-zero. Rated high severity (CVSS 7.6), this vulnerability requires no authentication and has low attack complexity.
Parameters are not validated or sanitized, and are later used in various internal operations. Rated high severity (CVSS 7.6), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
The function responsible for handling BLE connection responses does not verify whether a response is expected, that is, whether the device has initiated a connection request. Rated medium severity (CVSS 4.3), this vulnerability requires no authentication and has low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was identified in the handling of Bluetooth Low Energy (BLE) fixed channels (such as SMP or ATT). Rated high severity (CVSS 7.1), this vulnerability requires no authentication and has low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
CVE-2025-2962 is a denial-of-service vulnerability in a DNS implementation that triggers an infinite loop condition, allowing unauthenticated remote attackers to crash DNS services with high availability impact. The vulnerability affects DNS resolver implementations and has a CVSS score of 7.5 (High) with a network-based attack vector requiring no privileges or user interaction. While the CVE ID and basic metadata are provided, specific product names, versions, KEV status, EPSS scores, and public proof-of-concept availability cannot be confirmed from the limited data supplied.
The function dns_copy_qname in dns_pack.c performs a memcpy operation with an untrusted field and does not check if the source buffer is large enough to contain the copied data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
A lack of input validation allows for out of bounds reads caused by malicious or malformed packets. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.
A malicious or malformed DNS packet without a payload can cause an out-of-bounds read, resulting in a crash (denial of service) or an incorrect computation. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.
No proper validation of the length of user input in http_server_get_content_type_from_extension. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity.