CVE-2023-4424 — Integer Overflow or Wraparound in Zephyr

CWE-190 — Integer Overflow or Wraparound CWE-120 — Classic Buffer Overflow2 documents2 sources

Severity

8.8HIGHNVD

CNA8.3

EPSS

0.1%

top 66.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zephyrproject-rtos Zephyr Zephyrproject Zephyr

Timeline

PublishedNov 21

Description

An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5zephyrproject-rtos/zephyr* — 3.5

▶NVDzephyrproject/zephyr3.4.0

🔴Vulnerability Details

CVEList

bt: hci: DoS and possible RCE↗2023-11-21

▶