
Zephyrproject Zephyr vulnerabilities

136 known vulnerabilities affecting zephyrproject/zephyr.

Total CVEs: 136
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 22, HIGH 58, MEDIUM 51, LOW 5

Vulnerabilities

Page 3 of 7
CVE-2025-1674 | P3 | HIGH | CVSS 8.2 | ≤ 4.0 | 2025-02-25
CWE-125: A lack of input validation allows for out of bounds reads caused by malicious or malformed packets.
nvd
CVE-2021-3319 | P3 | CRITICAL | CVSS 9.8 | ≥ 2.4.0, < 2.5.0 | 2021-10-05
CWE-476: DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions >= > v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364
nvd
CVE-2023-1901 | P3 | HIGH | CVSS 8.0 | ≤ 3.3.0 | 2023-07-10
CWE-787: The Bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.
nvd
CVE-2020-10027 | P3 | HIGH | CVSS 7.8 | v1.14.0, v2.1.0 | 2020-05-11
CWE-697: An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001. This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions; version 2.1.0 and later versions.
nvd
CVE-2020-10024 | P3 | HIGH | CVSS 7.8 | v1.14.2, v2.1.0 | 2020-05-11
CWE-697: The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001. This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions; version 2.1.0 and later versions.
nvd
CVE-2021-3434 | P3 | HIGH | CVSS 7.8 | ≥ 2.5.0, < 2.6.0 | 2022-06-28
CWE-121: Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions >= v2.5.0 Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm
nvd
CVE-2017-14202 | P3 | HIGH | CVSS 7.8 | fixed in 1.14.0 | 2019-08-29
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all.
nvd
CVE-2023-5139 | P3 | HIGH | CVSS 7.8 | ≤ 3.4.0 | 2023-10-26
CWE-120: Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver
nvd
CVE-2020-13601 | P3 | CRITICAL | CVSS 9.8 | ≤ 1.14.2; ≥ 2.0.0, ≤ 2.3.0 | 2021-05-25
CWE-125: Possible read out of bounds in dns read. Zephyr versions >= 1.14.2, >= 2.3.0 contain Out-of-bounds Read (CWE-125). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44
nvd
CVE-2023-7060 | P3 | HIGH | CVSS 7.5 | fixed in 3.6.0 | 2024-03-15
CWE-20: Zephyr OS IP packet handling does not properly drop IP packets arriving on an external interface with a source address equal to 127.0.01 or the destination address.
nvd
CVE-2022-2993 | P3 | CRITICAL | CVSS 9.8 | ≤ 3.1.0 | 2022-12-09
CWE-670: There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet.
nvd
CVE-2024-11263 | P3 | HIGH | CVSS 8.4 | ≤ 3.7.0 | 2024-11-15
CWE-270: When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols.
nvd
CVE-2017-14201 | P3 | HIGH | CVSS 7.8 | fixed in 1.14.0 | 2019-08-29
CWE-416: Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all.
nvd
CVE-2020-10063 | P3 | HIGH | CVSS 7.5 | ≤ 2.2.0 | 2020-06-05
CWE-190: A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
nvd
CVE-2023-1902 | P3 | HIGH | CVSS 8.0 | ≤ 3.3.0 | 2023-07-10
CWE-416: The Bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.
nvd
CVE-2020-10019 | P3 | HIGH | CVSS 7.8 | fixed in 1.14.2; ≥ 2.0.0, ≤ 2.1.0 | 2020-05-11
CWE-120: USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. This could be used by a malicious USB host to exploit the buffer overflow. See NCC-ZEP-002. This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions; version 2.1.0 and later versions.
nvd
CVE-2023-0779 | P3 | HIGH | CVSS 7.7 | ≤ 3.2.0 | 2023-05-30
CWE-20: At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible.
nvd
CVE-2022-2741 | P3 | HIGH | CVSS 7.5 | ≤ 3.1.0 | 2022-10-31
CWE-400: The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. The frame must have a CAN ID matching an installed filter in the vulnerable node (this can easily be guessed based on CAN traffic analyses). The frame must contain the opposite RTR bit as what the filter installed in the v
nvd
CVE-2024-10395 | P3 | HIGH | CVSS 7.5 | ≤ 3.7.0 | 2025-02-03
CWE-127: No proper validation of the length of user input in http_server_get_content_type_from_extension.
nvd
CVE-2020-10067 | P3 | HIGH | CVSS 7.8 | v1.14.1, v2.1.0 | 2020-05-11
CWE-190: A malicious userspace application can cause an integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005. This issue affects: zephyrproject-
nvd