CVE-2021-3322 — NULL Pointer Dereference in Zephyr

CWE-476 — NULL Pointer Dereference2 documents2 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 73.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zephyrproject-rtos Zephyr Zephyrproject Zephyr

Timeline

PublishedOct 12

Description

Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions >= >=2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5zephyrproject-rtos/zephyr>=2.4.0 — unspecified

▶NVDzephyrproject/zephyr2.4.0 — 2.5.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

CVEList

Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr↗2021-10-12

▶