Zephyr
Source repositories
CVEs (141)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-10395 | 0.00 | — | 0.00 | Feb 3, 2025 | No proper validation of the length of user input in http_server_get_content_type_from_extension. | |||
| CVE-2024-8798 | 0.00 | — | 0.00 | Dec 15, 2024 | No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c. | |||
| CVE-2024-11263 | 0.00 | — | 0.00 | Nov 15, 2024 | When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols. | |||
| CVE-2024-6444 | 0.00 | — | 0.00 | Oct 4, 2024 | No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c. | |||
| CVE-2024-6443 | 0.00 | — | 0.01 | Oct 4, 2024 | In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty. | |||
| CVE-2024-6442 | 0.00 | — | 0.00 | Oct 4, 2024 | In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow. | |||
| CVE-2024-6259 | 0.00 | — | 0.01 | Sep 13, 2024 | BT: HCI: adv_ext_report Improper discarding in adv_ext_report | |||
| CVE-2024-6137 | 0.00 | — | 0.01 | Sep 13, 2024 | BT: Classic: SDP OOB access in get_att_search_list | |||
| CVE-2024-6135 | 0.00 | — | 0.00 | Sep 13, 2024 | BT:Classic: Multiple missing buf length checks | |||
| CVE-2024-5931 | 0.00 | — | 0.00 | Sep 13, 2024 | BT: Unchecked user input in bap_broadcast_assistant | |||
| CVE-2024-6258 | 0.00 | — | 0.00 | Sep 13, 2024 | BT: Missing length checks of net_buf in rfcomm_handle_data | |||
| CVE-2024-5754 | 0.00 | — | 0.00 | Sep 13, 2024 | BT: Encryption procedure host vulnerability | |||
| CVE-2024-4785 | 0.00 | — | 0.00 | Aug 19, 2024 | BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero | |||
| CVE-2024-3332 | 0.00 | — | 0.00 | Jul 3, 2024 | A malicious BLE device can send a specific order of packet sequence to cause a DoS attack on the victim BLE device | |||
| CVE-2024-3077 | 0.00 | — | 0.00 | Mar 29, 2024 | An malicious BLE device can crash BLE victim device by sending malformed gatt packet | |||
| CVE-2023-7060 | 0.00 | — | 0.00 | Mar 15, 2024 | Zephyr OS IP packet handling does not properly drop IP packets arriving on an external interface with a source address equal to 127.0.01 or the destination address. | |||
| CVE-2023-6881 | 0.00 | — | 0.00 | Feb 20, 2024 | Possible buffer overflow in is_mount_point | |||
| CVE-2024-1638 | 0.00 | — | 0.00 | Feb 19, 2024 | The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GATT_PERM_WRITE_LESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. If set, requires that LE Secure Connections is used for read/write access,… | |||
| CVE-2023-5779 | 0.00 | — | 0.00 | Feb 18, 2024 | can: out of bounds in remove_rx_filter function | |||
| CVE-2023-6249 | 0.00 | — | 0.00 | Feb 18, 2024 | Signed to unsigned conversion esp32_ipm_send |
- CVE-2024-10395Feb 3, 2025risk 0.00cvss —epss 0.00
No proper validation of the length of user input in http_server_get_content_type_from_extension.
- CVE-2024-8798Dec 15, 2024risk 0.00cvss —epss 0.00
No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.
- CVE-2024-11263Nov 15, 2024risk 0.00cvss —epss 0.00
When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols.
- CVE-2024-6444Oct 4, 2024risk 0.00cvss —epss 0.00
No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.
- CVE-2024-6443Oct 4, 2024risk 0.00cvss —epss 0.01
In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty.
- CVE-2024-6442Oct 4, 2024risk 0.00cvss —epss 0.00
In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow.
- CVE-2024-6259Sep 13, 2024risk 0.00cvss —epss 0.01
BT: HCI: adv_ext_report Improper discarding in adv_ext_report
- CVE-2024-6137Sep 13, 2024risk 0.00cvss —epss 0.01
BT: Classic: SDP OOB access in get_att_search_list
- CVE-2024-6135Sep 13, 2024risk 0.00cvss —epss 0.00
BT:Classic: Multiple missing buf length checks
- CVE-2024-5931Sep 13, 2024risk 0.00cvss —epss 0.00
BT: Unchecked user input in bap_broadcast_assistant
- CVE-2024-6258Sep 13, 2024risk 0.00cvss —epss 0.00
BT: Missing length checks of net_buf in rfcomm_handle_data
- CVE-2024-5754Sep 13, 2024risk 0.00cvss —epss 0.00
BT: Encryption procedure host vulnerability
- CVE-2024-4785Aug 19, 2024risk 0.00cvss —epss 0.00
BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero
- CVE-2024-3332Jul 3, 2024risk 0.00cvss —epss 0.00
A malicious BLE device can send a specific order of packet sequence to cause a DoS attack on the victim BLE device
- CVE-2024-3077Mar 29, 2024risk 0.00cvss —epss 0.00
An malicious BLE device can crash BLE victim device by sending malformed gatt packet
- CVE-2023-7060Mar 15, 2024risk 0.00cvss —epss 0.00
Zephyr OS IP packet handling does not properly drop IP packets arriving on an external interface with a source address equal to 127.0.01 or the destination address.
- CVE-2023-6881Feb 20, 2024risk 0.00cvss —epss 0.00
Possible buffer overflow in is_mount_point
- CVE-2024-1638Feb 19, 2024risk 0.00cvss —epss 0.00
The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GATT_PERM_WRITE_LESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. If set, requires that LE Secure Connections is used for read/write access,…
- CVE-2023-5779Feb 18, 2024risk 0.00cvss —epss 0.00
can: out of bounds in remove_rx_filter function
- CVE-2023-6249Feb 18, 2024risk 0.00cvss —epss 0.00
Signed to unsigned conversion esp32_ipm_send
Page 3 of 8