CVE-2017-14202Improper Restriction of Operations within the Bounds of a Memory Buffer in Zephyr

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.2%
top 63.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Zephyrproject ZephyrZephyr Shell
Timeline
PublishedAug 29
Latest updateMay 24

Description

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5zephyr/shellprior to 1.14.0
NVDzephyrproject/zephyr< 1.14.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-vf72-2cwh-56f9: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet conne2022-05-24
CVEList
The shell implementation does not protect against buffer overruns resulting in unpredictable behavior.2019-08-29
CVE-2017-14202 — Zephyrproject Zephyr vulnerability | cvebase