CVE-2021-3329Improper Check or Handling of Exceptional Conditions in Zephyr

CWE-703Improper Check or Handling of Exceptional ConditionsCWE-665Improper Initialization3 documents3 sources
Severity
6.5MEDIUMNVD
CNA9.6
EPSS
0.2%
top 55.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Zephyrproject-rtos ZephyrZephyrproject Zephyr
Timeline
PublishedFeb 26

Description

Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5zephyrproject-rtos/zephyrunspecifiedv2.4

🔴Vulnerability Details

2
GHSA
GHSA-gmxc-973j-62f2: Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack2023-02-26
CVEList
DOS: Incorrect handling of the initial HCI ACL_MTU handshake packet leads to crash of bluetooth host layer2023-02-26
CVE-2021-3329 — Zephyrproject-rtos Zephyr vulnerability | cvebase