
Zephyrproject-Rtos Zephyr vulnerabilities

128 known vulnerabilities affecting zephyrproject-rtos/zephyr.

Total CVEs: 128
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 20, HIGH 61, MEDIUM 44, LOW 3

Vulnerabilities

Page 7 of 7
CVE-2020-13599 | P4 | LOW | CVSS 3.3 | ≥ 1.14.2, < unspecified; ≥ 2.3.0, < unspecified | 2021-05-25
CVE-2020-13599 [LOW] CWE-276: Security problem with settings and littlefs. Zephyr versions >= 1.14.2, >= 2.3.0 contain Incorrect Default Permissions (CWE-276). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q
Source: nvd

CVE-2021-3435 | P4 | LOW | CVSS 3.3 | ≥ v2.4.0, < unspecified; ≥ v2.5.0, < unspecified | 2022-06-28
CVE-2021-3435 [LOW] CWE-908: Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0 contain Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh
Source: nvd

CVE-2021-3433 | P4 | LOW | CVSS 3.3 | ≥ v2.5.0, < unspecified | 2022-06-28
CVE-2021-3433 [LOW] CWE-703: Invalid channel map in CONNECT_IND results to Deadlock. Zephyr versions >= v2.5.0 contain Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp
Source: nvd

CVE-2024-5754 | HIGH | CVSS 8.2 | ≥ *, ≤ 3.6 | 2024-09-13
CVE-2024-5754 [HIGH] CWE-807: BT: Encryption procedure host vulnerability
Source: cvelistv5

CVE-2023-6249 | HIGH | CVSS 8.0 | ≥ *, ≤ 3.5 | 2024-02-18
CVE-2023-6249 [HIGH] CWE-704: ipm: signed to unsigned conversion problem in esp32_ipm_send. Signed to unsigned conversion esp32_ipm_send
Source: cvelistv5

CVE-2024-6135 | HIGH | CVSS 7.6 | ≥ *, ≤ 3.6 | 2024-09-13
CVE-2024-6135 [HIGH] CWE-122: BT:Classic: Multiple missing buf length checks
Source: cvelistv5

CVE-2023-6881 | HIGH | CVSS 7.3 | ≥ *, ≤ 3.5 | 2024-02-20
CVE-2023-6881 [HIGH] CWE-120: fs: fuse: buffer overflow vulnerability in the Zephyr FS. Possible buffer overflow in is_mount_point
Source: cvelistv5

CVE-2023-5779 | MEDIUM | CVSS 4.4 | ≥ *, ≤ 3.5 | 2024-02-18
CVE-2023-5779 [MEDIUM] CWE-787: can: out of bounds in remove_rx_filter function
Source: cvelistv5