Skip to main content

Zephyr

137 CVEs product

Monthly

CVE-2023-4264 CRITICAL POC Act Now

Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
9.6
EPSS
0.9%
CVE-2023-4260 CRITICAL POC Act Now

Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
10.0
EPSS
0.8%
CVE-2023-4259 HIGH POC This Week

Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-4258 MEDIUM PATCH This Month

In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-4265 MEDIUM POC This Month

Potential buffer overflow vulnerabilities in the following locations: https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
6.8
EPSS
0.8%
CVE-2023-2234 HIGH This Week

Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Zephyr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-1902 HIGH This Week

The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Zephyr
NVD GitHub
CVSS 3.1
8.0
EPSS
0.6%
CVE-2023-1901 HIGH This Week

The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
8.0
EPSS
0.6%
CVE-2023-0359 HIGH POC This Week

A missing nullptr-check in handle_ra_input can cause a nullptr-deref. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-0779 HIGH This Week

At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Zephyr
NVD GitHub
CVSS 3.1
7.7
EPSS
0.5%
CVE-2023-0396 MEDIUM POC This Month

A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-0397 MEDIUM POC This Month

A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Zephyr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-2993 CRITICAL Act Now

There is an error in the condition of the last if-statement in the function smp_check_keys. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-2741 HIGH PATCH This Week

The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Zephyr
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-1841 MEDIUM PATCH This Month

In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-1042 HIGH POC This Week

In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-1041 HIGH POC This Week

In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-3455 HIGH POC This Week

Disconnecting L2CAP channel right after invalid ATT request leads freeze. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Zephyr
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-3454 HIGH PATCH This Week

Truncated L2CAP K-frame causes assertion failure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Zephyr
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-3330 HIGH POC This Week

RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Zephyr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-3323 CRITICAL POC Act Now

Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-3322 MEDIUM POC This Month

Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Zephyr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-3321 HIGH POC This Week

Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-3625 CRITICAL POC Act Now

Buffer overflow in Zephyr USB DFU DNLOAD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Zephyr
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-3581 HIGH PATCH This Week

Buffer Access with Incorrect Length Value in zephyr. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-3510 HIGH PATCH This Week

Zephyr JSON decoder incorrectly decodes array of array. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-3436 MEDIUM POC This Month

BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-3319 CRITICAL POC Act Now

DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Zephyr
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-3320 HIGH This Week

Type Confusion in 802154 ACK Frames Handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Zephyr
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-10071 CRITICAL PATCH Act Now

The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Zephyr
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-10070 CRITICAL PATCH Act Now

In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Zephyr
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-10068 MEDIUM PATCH This Month

In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Zephyr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-10063 HIGH PATCH This Week

A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow Zephyr
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-10062 CRITICAL PATCH Act Now

An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Zephyr
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-10061 HIGH PATCH This Week

Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-10067 HIGH PATCH This Week

A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow RCE Denial Of Service Integer Overflow Zephyr
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10060 MEDIUM PATCH This Month

In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Zephyr
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-10059 MEDIUM PATCH This Month

The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
4.8
EPSS
1.2%
CVE-2020-10058 HIGH PATCH This Week

Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10028 HIGH PATCH This Week

Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10027 HIGH PATCH This Week

An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Zephyr
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-10024 HIGH PATCH This Week

The arm platform-specific code uses a signed integer comparison when validating system call numbers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Zephyr
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-10023 MEDIUM PATCH This Month

The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Denial Of Service Zephyr
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2020-10022 CRITICAL PATCH Act Now

A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Denial Of Service Zephyr
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-10021 HIGH PATCH This Week

Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Memory Corruption Zephyr
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10019 HIGH PATCH This Week

USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2018-1000800 CRITICAL POC Act Now

zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(), sys_ring_buf_get() that can result in CPU Page Fault (error code 0x00000010). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Zephyr
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
EPSS 1% CVSS 9.6
CRITICAL POC Act Now

Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Zephyr
NVD GitHub
EPSS 1% CVSS 10.0
CRITICAL POC Act Now

Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Zephyr
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Zephyr
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Zephyr
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM POC This Month

Potential buffer overflow vulnerabilities in the following locations: https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Zephyr
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Zephyr
NVD GitHub
EPSS 1% CVSS 8.0
HIGH This Week

The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +1
NVD GitHub
EPSS 1% CVSS 8.0
HIGH This Week

The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Zephyr
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

A missing nullptr-check in handle_ra_input can cause a nullptr-deref. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zephyr
NVD GitHub
EPSS 1% CVSS 7.7
HIGH This Week

At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Zephyr
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM POC This Month

A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Zephyr
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Zephyr
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

There is an error in the condition of the last if-statement in the function smp_check_keys. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zephyr
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Zephyr
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Zephyr
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Zephyr
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Zephyr
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Disconnecting L2CAP channel right after invalid ATT request leads freeze. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Truncated L2CAP K-frame causes assertion failure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Zephyr
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Zephyr
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Zephyr
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Zephyr
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Zephyr
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Buffer overflow in Zephyr USB DFU DNLOAD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Zephyr
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Buffer Access with Incorrect Length Value in zephyr. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Zephyr
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Zephyr JSON decoder incorrectly decodes array of array. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Zephyr
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zephyr
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Zephyr
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Type Confusion in 802154 ACK Frames Handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Zephyr
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Zephyr
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Zephyr
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Zephyr
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow Zephyr
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Zephyr
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Zephyr
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow RCE Denial Of Service +2
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Zephyr
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM PATCH This Month

The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Zephyr
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Zephyr
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Zephyr
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Zephyr
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

The arm platform-specific code uses a signed integer comparison when validating system call numbers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Zephyr
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Denial Of Service +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Memory Corruption Zephyr
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Zephyr
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(), sys_ring_buf_get() that can result in CPU Page Fault (error code 0x00000010). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Zephyr
NVD GitHub
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy