CVE-2022-1841Out-of-bounds Write in Zephyr

CWE-787Out-of-bounds Write2 documents2 sources
Severity
5.3MEDIUMNVD
CNA7.2
EPSS
0.2%
top 52.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Zephyrproject-rtos ZephyrZephyrproject Zephyr
Timeline
PublishedAug 31

Description

In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5zephyrproject-rtos/zephyrunspecifiedv3.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
CVEList
Out-of-bound write in tcp_flags2022-08-31
CVE-2022-1841 — Out-of-bounds Write in Zephyr | cvebase