Zephyrproject Zephyr vulnerabilities
136 known vulnerabilities affecting zephyrproject/zephyr.
Total CVEs: 136
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 22, HIGH 58, MEDIUM 51, LOW 5
Vulnerabilities
Page 1 of 7
CVE-2020-10071 | P2 | CRITICAL | CVSS 9.8 | CWE-120 | ≤ 2.2.0 | 2020-06-05
The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
nvd
CVE-2020-10062 | P3 | CRITICAL | CVSS 9.8 | CWE-193 | ≤ 2.2.0 | 2020-06-05
An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
nvd
CVE-2020-10070 | P3 | CRITICAL | CVSS 9.8 | CWE-120 | ≤ 2.2.0 | 2020-06-05
In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
nvd
CVE-2020-10022 | P3 | CRITICAL | CVSS 9.8 | CWE-120 | v2.1.0, v2.2.0 | 2020-05-11
A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case. See NCC-NCC-016. This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions; version 2.2.0 and later versions.
nvd
CVE-2026-8023 | P3 | HIGH | CVSS 7.5 | CWE-22 | ≥ 4.0.0, < 4.5.0 | 2026-06-29
Zephyr's HTTP server (subsys/net/lib/http) provides a static-filesystem resource type (HTTP_RESOURCE_TYPE_STATIC_FS, available when CONFIG_FILE_SYSTEM is enabled) that serves files from a configured root directory. Before this fix, both the HTTP/1 and HTTP/2 front-ends placed the raw, attacker-controlled request path into client->url_buffer (assembled in
nvd
CVE-2026-1678 | P3 | CRITICAL | CVSS 9.8 | CWE-787 | ≤ 4.3.0 | 2026-03-05
dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled (default), a malicious DNS response can trigger an out-of-bounds write when CONFIG_DNS_RESOLVER is enabled.
nvd
CVE-2021-3625 | P3 | CRITICAL | CVSS 9.8 | CWE-122 | ≥ 2.5.0, < 2.7.0 | 2021-10-05
Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363
nvd
CVE-2023-4260 | P3 | CRITICAL | CVSS 10.0 | CWE-120 | ≤ 3.4.0 | 2023-09-27
Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system.
nvd
CVE-2018-1000800 | P3 | CRITICAL | CVSS 9.8 | CWE-476 | v1.12.0 | 2018-09-06
zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put() and sys_ring_buf_get() that can result in a CPU Page Fault (error code 0x00000010). This attack appears to be exploitable via a malicious application calling the vulnerable kernel APIs (system calls sys_ring_buf_get() and sys_ring_buf_put()).
nvd
CVE-2023-3725 | P3 | CRITICAL | CVSS 9.8 | CWE-120 | ≤ 3.4.0 | 2023-10-06
Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem
nvd
CVE-2020-10064 | P3 | CRITICAL | CVSS 9.8 | CWE-121 | ≤ 1.14.2; ≥ 2.0.0, ≤ 2.2.0 | 2021-05-25
Improper Input Frame Validation in ieee802154 Processing. Zephyr versions >= v1.14.2, >= v2.2.0 contain Stack-based Buffer Overflow (CWE-121), Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7
nvd
CVE-2023-4424 | P3 | HIGH | CVSS 8.8 | CWE-190 | ≤ 3.4.0 | 2023-11-21
A malicious BLE device can cause a buffer overflow by sending a malformed advertising packet to a BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device.
nvd
CVE-2023-4257 | P3 | CRITICAL | CVSS 9.8 | CWE-120 | ≤ 3.4.0 | 2023-10-13
Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.
nvd
CVE-2023-6749 | P3 | CRITICAL | CVSS 9.8 | CWE-121 | ≤ 3.5.0 | 2024-02-18
Unchecked length coming from user input in settings shell
nvd
CVE-2023-4264 | P3 | CRITICAL | CVSS 9.6 | CWE-120 | ≤ 3.4.0 | 2023-09-27
Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem.
nvd
CVE-2024-1638 | P3 | CRITICAL | CVSS 9.1 | CWE-20 | ≤ 3.5.0 | 2024-02-19
The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GATT_PERM_WRITE_LESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. If set, requires that LE Secure Connections is used for read/write access, however this is only true when it is combined with other permissions, namely BT_
nvd
CVE-2026-10643 | P3 | HIGH | CVSS 8.7 | CWE-787 | ≥ 3.6.0, < 4.5.0 | 2026-06-28
Zephyr's IP socket recvmsg() implementation (subsys/net/lib/sockets/sockets_inet.c, insert_pktinfo()) validated the user-supplied ancillary (msg_control) buffer using only the payload length (msg->msg_controllen < pktinfo_len) before writing a full control message consisting of an aligned cmsg header plus the payload. Because the check omitted the cmsg
nvd
CVE-2017-14199 | P3 | CRITICAL | CVSS 9.8 | CWE-119 | v1.9.0, v1.10.0 | 2019-04-12
A buffer overflow has been found in the Zephyr Project's getaddrinfo() implementation in 1.9.0 and 1.10.0.
nvd
CVE-2023-4259 | P3 | HIGH | CVSS 8.8 | CWE-120 | ≤ 3.4.0 | 2023-09-26
Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code.
nvd
CVE-2023-4263 | P3 | HIGH | CVSS 8.8 | CWE-120 | ≤ 3.4.0 | 2023-10-13
Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver
nvd