CVE-2025-1673 — Out-of-bounds Read in Zephyr

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

8.2HIGHNVD

EPSS

0.4%

top 39.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zephyrproject-rtos Zephyr Zephyrproject Zephyr

Timeline

PublishedFeb 25

Description

A malicious or malformed DNS packet without a payload can cause an out-of-bounds read, resulting in a crash (denial of service) or an incorrect computation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:HExploitability: 3.9 | Impact: 4.2

Affected Packages2 packages

▶NVDzephyrproject/zephyr4.0

▶CVEListV5zephyrproject-rtos/zephyr* — 4.0

🔴Vulnerability Details

CVEList

Out of bounds read when calling crc16_ansi and strlen in dns_validate_msg↗2025-02-25

▶

💥Exploits & PoCs

Nuclei

FOGProject <= 1.5.10.1673 - Authentication Bypass

▶