CVE-2020-10023Classic Buffer Overflow in Zephyr

CWE-120Classic Buffer Overflow3 documents3 sources
Severity
6.8MEDIUMNVD
CNA6.9
EPSS
0.4%
top 40.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Zephyrproject-rtos ZephyrZephyrproject Zephyr
Timeline
PublishedMay 11
Latest updateMay 24

Description

The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5zephyrproject-rtos/zephyr1.14.0unspecified+1
NVDzephyrproject/zephyr1.14.1, 2.1.0+1

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-ccj2-xhg7-jrxc: The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resultin2022-05-24
CVEList
Shell Subsystem Contains a Buffer Overflow Vulnerability In shell_spaces_trim2020-05-11
CVE-2020-10023 — Classic Buffer Overflow in Zephyr | cvebase