Zephyrproject-Rtos Zephyr vulnerabilities
118 known vulnerabilities affecting zephyrproject-rtos/zephyr.
Total CVEs
118
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL19HIGH57MEDIUM39LOW3
Vulnerabilities
Page 5 of 6
CVE-2021-3323CRITICALCVSS 9.8≥ >=2.4.0, < unspecified2021-10-12
CVE-2021-3323 [CRITICAL] CWE-191 CVE-2021-3323: Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= >=2.4.0 contain
Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= >=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc
cvelistv5nvd
CVE-2021-3321HIGHCVSS 8.8≥ >=2.4.0, < unspecified2021-10-12
CVE-2021-3321 [HIGH] CWE-680 CVE-2021-3321: Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= >=
Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= >=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99
cvelistv5nvd
CVE-2021-3330HIGHCVSS 8.8≥ >=2.4.0, < unspecified2021-10-12
CVE-2021-3330 [HIGH] CWE-787 CVE-2021-3330: RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragme
RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions >= >=2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456
cvelistv5nvd
CVE-2021-3322MEDIUMCVSS 6.5≥ >=2.4.0, < unspecified2021-10-12
CVE-2021-3322 [MEDIUM] CWE-476 CVE-2021-3322: Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions >= >=2.4.0
Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions >= >=2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3
cvelistv5nvd
CVE-2021-3319CRITICALCVSS 9.8≥ > v2.4.0, < unspecified2021-10-05
CVE-2021-3319 [CRITICAL] CWE-476 CVE-2021-3319: DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions >= > v2.
DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions >= > v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364
cvelistv5nvd
CVE-2021-3625CRITICALCVSS 9.8≥ v2.5.0, < unspecified2021-10-05
CVE-2021-3625 [CRITICAL] CWE-122 CVE-2021-3625: Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 contain Heap-based Buffer Overfl
Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363
cvelistv5nvd
CVE-2021-3581HIGHCVSS 8.8≥ >=2.5.0, < unspecified2021-10-05
CVE-2021-3581 [HIGH] CWE-805 CVE-2021-3581: Buffer Access with Incorrect Length Value in zephyr. Zephyr versions >= >=2.5.0 contain Buffer Acces
Buffer Access with Incorrect Length Value in zephyr. Zephyr versions >= >=2.5.0 contain Buffer Access with Incorrect Length Value (CWE-805). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5
cvelistv5nvd
CVE-2021-3510HIGHCVSS 7.5≥ >1.14.0, < unspecified≥ >2.5.0, < unspecified2021-10-05
CVE-2021-3510 [HIGH] CWE-588 CVE-2021-3510: Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contai
Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4
cvelistv5nvd
CVE-2021-3436MEDIUMCVSS 6.5≥ 1.14.2, < unspecified≥ 2.4.0, < unspecified+1 more2021-10-05
CVE-2021-3436 [MEDIUM] CWE-694 CVE-2021-3436: BT: Possible to overwrite an existing bond during keys distribution phase when the identity address
BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions >= 1.14.2, >= 2.4.0, >= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63
cvelistv5nvd
CVE-2020-13601CRITICALCVSS 9.8≥ 1.14.2, < unspecified≥ 2.3.0, < unspecified2021-05-25
CVE-2020-13601 [CRITICAL] CWE-125 CVE-2020-13601: Possible read out of bounds in dns read. Zephyr versions >= 1.14.2, >= 2.3.0 contain Out-of-bounds R
Possible read out of bounds in dns read. Zephyr versions >= 1.14.2, >= 2.3.0 contain Out-of-bounds Read (CWE-125). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44
cvelistv5nvd
CVE-2020-10064CRITICALCVSS 9.8≥ v1.14.2, < unspecified≥ v2.2.0, < unspecified2021-05-25
CVE-2020-10064 [CRITICAL] CWE-121 CVE-2020-10064: Improper Input Frame Validation in ieee802154 Processing. Zephyr versions >= v1.14.2, >= v2.2.0 cont
Improper Input Frame Validation in ieee802154 Processing. Zephyr versions >= v1.14.2, >= v2.2.0 contain Stack-based Buffer Overflow (CWE-121), Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7
cvelistv5nvd
CVE-2020-13603HIGHCVSS 7.8≥ 1.14.2, < unspecified≥ 2.4.0, < unspecified2021-05-25
CVE-2020-13603 [HIGH] CWE-190 CVE-2020-13603: Integer Overflow in memory allocating functions. Zephyr versions >= 1.14.2, >= 2.4.0 contain Integer
Integer Overflow in memory allocating functions. Zephyr versions >= 1.14.2, >= 2.4.0 contain Integer Overflow or Wraparound (CWE-190). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45
cvelistv5nvd
CVE-2021-3320HIGHCVSS 7.5≥ v2.4.0, < unspecified2021-05-25
CVE-2021-3320 [HIGH] CWE-476 CVE-2021-3320: Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2.4.0 contain NULL Pointer Derefer
Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7
cvelistv5nvd
CVE-2020-10065HIGHCVSS 8.8≥ v1.14.2, < unspecified≥ v2.2.0, < unspecified2021-05-25
CVE-2020-10065 [HIGH] CWE-130 CVE-2020-10065: Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions >= v1.14.2, >= v2.2.0 contain Imprope
Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c
cvelistv5nvd
CVE-2020-13598HIGHCVSS 7.8≥ v1.14.2, < unspecified≥ v2.3.0, < unspecified2021-05-25
CVE-2020-13598 [HIGH] CWE-121 CVE-2020-13598: FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions >=
FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions >= v1.14.2, >= v2.3.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h
cvelistv5nvd
CVE-2020-13600HIGHCVSS 7.6≥ 1.14.2, < unspecified≥ 2.3.0, < unspecified2021-05-25
CVE-2020-13600 [HIGH] CWE-122 CVE-2020-13600: Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr versions >= 1.14.2, >= 2.3.0
Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr versions >= 1.14.2, >= 2.3.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr
cvelistv5nvd
CVE-2020-13602MEDIUMCVSS 5.5≥ 1.14.2, < unspecified≥ 2.2.0, < unspecified2021-05-25
CVE-2020-13602 [MEDIUM] CWE-20 CVE-2020-13602: Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions >= 1.14.2, >= 2.2.0 contain Impro
Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions >= 1.14.2, >= 2.2.0 contain Improper Input Validation (CWE-20), Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh
cvelistv5nvd
CVE-2020-10066MEDIUMCVSS 5.7≥ v1.14.2, < unspecified≥ v2.2.0, < unspecified2021-05-25
CVE-2020-10066 [MEDIUM] CWE-476 CVE-2020-10066: Incorrect Error Handling in Bluetooth HCI core. Zephyr versions >= v1.14.2, >= v2.2.0 contain NULL P
Incorrect Error Handling in Bluetooth HCI core. Zephyr versions >= v1.14.2, >= v2.2.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr
cvelistv5nvd
CVE-2020-10072MEDIUMCVSS 5.3≥ v1.14.2, < unspecified≥ v2.2.0, < unspecified2021-05-25
CVE-2020-10072 [MEDIUM] CWE-280 CVE-2020-10072: Improper Handling of Insufficient Permissions or Privileges in zephyr. Zephyr versions >= v1.14.2, >
Improper Handling of Insufficient Permissions or Privileges in zephyr. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Insufficient Permissions or Privileges (CWE-280). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc
cvelistv5nvd
CVE-2020-10069MEDIUMCVSS 6.5≥ v1.14.2, < unspecified≥ v2.2.0, < unspecified2021-05-25
CVE-2020-10069 [MEDIUM] CWE-233 CVE-2020-10069: Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions >= v1.14.2, >=
Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Parameters (CWE-233). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp
cvelistv5nvd