CVE-2020-10021 — Out-of-bounds Write in Zephyr

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

7.8HIGHNVD

CNA8.1

EPSS

0.1%

top 77.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zephyrproject-rtos Zephyr Zephyrproject Zephyr

Timeline

PublishedMay 11

Latest updateMay 24

Description

Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5zephyrproject-rtos/zephyr1.14.1 — unspecified+1

▶NVDzephyrproject/zephyr2.1.0 — 2.2.0+1

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-7r7c-7m5r-6gpx: Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zep↗2022-05-24

▶

CVEList

Out-of-bounds write in USB Mass Storage with unaligned sizes↗2020-05-11

▶