CVE-2023-5184Classic Buffer Overflow in Zephyr

CWE-120Classic Buffer OverflowCWE-195Signed to Unsigned Conversion ErrorCWE-681Incorrect Conversion between Numeric Types2 documents2 sources
Severity
8.8HIGHNVD
CNA7.0
EPSS
0.3%
top 46.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Zephyrproject-rtos ZephyrZephyrproject Zephyr
Timeline
PublishedSep 27

Description

Two potential signed to unsigned conversion errors and buffer overflow vulnerabilities at the following locations in the Zephyr IPM drivers.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages2 packages

CVEListV5zephyrproject-rtos/zephyr*3.4

🔴Vulnerability Details

1
CVEList
Potential signed to unsigned conversion errors and buffer overflow vulnerabilities in the Zephyr IPM driver2023-09-27
CVE-2023-5184 — Classic Buffer Overflow in Zephyr | cvebase