VYPR

zephyr

by Zephyr OS

Source repositories

CVEs (7)

  • CVE-2023-4424HigNov 21, 2023
    risk 0.54cvss 8.3epss 0.00

    An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device.

  • CVE-2023-4263HigOct 13, 2023
    risk 0.49cvss 7.6epss 0.00

    Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver

  • CVE-2021-3321HigOct 12, 2021
    risk 0.49cvss 7.5epss 0.01

    Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= >=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99

  • CVE-2023-4259HigSep 26, 2023
    risk 0.46cvss 7.1epss 0.01

    Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code.

  • CVE-2025-12899MedJan 30, 2026
    risk 0.42cvss 6.5epss 0.00

    A flaw in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read and creates a potential information-leak vulnerability in the networking subsystem.

  • CVE-2017-14202HigAug 29, 2019
    risk 0.00cvss 7.8epss 0.01

    Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on…

  • CVE-2017-14201HigAug 29, 2019
    risk 0.00cvss 7.8epss 0.01

    Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all.