
Zephyrproject-Rtos Zephyr vulnerabilities

128 known vulnerabilities affecting zephyrproject-rtos/zephyr.

Total CVEs: 128
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 20, HIGH 61, MEDIUM 44, LOW 3

Vulnerabilities

Page 1 of 7
CVE-2020-10071 | P2 | CRITICAL | CVSS 9.8 | ≥ 2.2.0, < unspecified | 2020-06-05
CVE-2020-10071 [CRITICAL] CWE-120: The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
nvd
CVE-2026-5067 | P3 | CRITICAL | CVSS 9.8 | ≥ 3.7.0, ≤ 4.3.0 | 2026-06-09
CVE-2026-5067 [CRITICAL] CWE-170: A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted Sec-WebSocket-Key header. The HTTP/1 header parser copies the header into a fixed-size buffer using a bounded copy that does not guarantee NUL termination when the input length reaches the buffer size. During upgrade h
nvd
CVE-2020-10062 | P3 | CRITICAL | CVSS 9.8 | ≥ 2.2.0, < unspecified | 2020-06-05
CVE-2020-10062 [CRITICAL] CWE-193: An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
nvd
CVE-2020-10070 | P3 | CRITICAL | CVSS 9.8 | ≥ 2.2.0, < unspecified | 2020-06-05
CVE-2020-10070 [CRITICAL] CWE-120: In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
nvd
CVE-2020-10022 | P3 | CRITICAL | CVSS 9.8 | ≥ 2.1.0, < unspecified; ≥ 2.2.0, < unspecified | 2020-05-11
CVE-2020-10022 [CRITICAL] CWE-120: A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case. See NCC-NCC-016 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions.
nvd
CVE-2026-1678 | P3 | CRITICAL | CVSS 9.8 | ≥ *, ≤ 4.3 | 2026-03-05
CVE-2026-1678 [CRITICAL] CWE-787: dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled (default), a malicious DNS response can trigger an out-of-bounds write when CONFIG_DNS_RESOLVER is enabled.
nvd
CVE-2021-3625 | P3 | CRITICAL | CVSS 9.8 | ≥ v2.5.0, < unspecified | 2021-10-05
CVE-2021-3625 [CRITICAL] CWE-122: Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363
nvd
CVE-2023-4260 | P3 | CRITICAL | CVSS 10.0 | ≤ 3.4 | 2023-09-27
CVE-2023-4260 [CRITICAL] CWE-120: Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system.
nvd
CVE-2023-3725 | P3 | CRITICAL | CVSS 9.8 | ≥ *, ≤ 3.4 | 2023-10-06
CVE-2023-3725 [CRITICAL] CWE-120: Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem
nvd
CVE-2020-10064 | P3 | CRITICAL | CVSS 9.8 | ≥ v1.14.2, < unspecified; ≥ v2.2.0, < unspecified | 2021-05-25
CVE-2020-10064 [CRITICAL] CWE-121: Improper Input Frame Validation in ieee802154 Processing. Zephyr versions >= v1.14.2, >= v2.2.0 contain Stack-based Buffer Overflow (CWE-121), Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7
nvd
CVE-2023-4424 | P3 | HIGH | CVSS 8.8 | ≥ *, < 3.5 | 2023-11-21
CVE-2023-4424 [HIGH] CWE-190: A malicious BLE device can cause a buffer overflow by sending a malformed advertising packet to a BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device.
nvd
CVE-2023-4257 | P3 | CRITICAL | CVSS 9.8 | ≤ 3.4 | 2023-10-13
CVE-2023-4257 [CRITICAL] CWE-120: Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.
nvd
CVE-2023-6749 | P3 | CRITICAL | CVSS 9.8 | ≥ *, ≤ 3.5 | 2024-02-18
CVE-2023-6749 [CRITICAL] CWE-121: Unchecked length coming from user input in settings shell
nvd
CVE-2023-4264 | P3 | CRITICAL | CVSS 9.6 | ≤ 3.4 | 2023-09-27
CVE-2023-4264 [CRITICAL] CWE-120: Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem.
nvd
CVE-2024-1638 | P3 | CRITICAL | CVSS 9.1 | ≥ *, ≤ 3.5 | 2024-02-19
CVE-2024-1638 [CRITICAL] CWE-20: The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GATT_PERM_WRITE_LESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. If set, requires that LE Secure Connections is used for read/write access, however this is only true when it is combined with other permissions, namely BT_
nvd
CVE-2023-4259 | P3 | HIGH | CVSS 8.8 | ≥ 1.14, < 3.4 | 2023-09-26
CVE-2023-4259 [HIGH] CWE-120: Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code.
nvd
CVE-2023-4263 | P3 | HIGH | CVSS 8.8 | ≤ 3.4 | 2023-10-13
CVE-2023-4263 [HIGH] CWE-120: Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver
nvd
CVE-2026-1679 | P3 | HIGH | CVSS 7.8 | ≥ *, ≤ 4.3 | 2026-03-28
CVE-2026-1679 [HIGH] CWE-120: The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking available space; oversized sends overflow `eswifi->buf`, corrupting kernel memory (CWE-120). Exploit requires local code that can call the socket send API; no remote attacker can reach it directly.
nvd
CVE-2025-1675 | P3 | CRITICAL | CVSS 9.1 | ≥ *, ≤ 4.0 | 2025-02-25
CVE-2025-1675 [CRITICAL] CWE-125: The function dns_copy_qname in dns_pack.c performs a memcpy operation with an untrusted field and does not check if the source buffer is large enough to contain the copied data.
nvd
CVE-2021-3835 | P3 | HIGH | CVSS 8.8 | ≥ v2.6.0, < unspecified | 2022-02-07
CVE-2021-3835 [HIGH] CWE-122: Buffer overflow in usb device class. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf
nvd