CVE-2017-14201Use After Free in Zephyr

CWE-416Use After Free3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.7%
top 28.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Zephyrproject ZephyrZephyr Shell
Timeline
PublishedAug 29
Latest updateMay 24

Description

Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5zephyr/shellprior to 1.14.0
NVDzephyrproject/zephyr< 1.14.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-v422-67vr-jrj5: Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code executi2022-05-24
CVEList
The shell DNS command can cause unpredictable results due to misuse of stack variables.2019-08-29
CVE-2017-14201 — Use After Free in Zephyrproject Zephyr | cvebase