VYPR

Zephyr

by Zephyrproject Rtos

Source repositories

CVEs (141)

  • CVE-2021-3329Feb 26, 2023
    risk 0.00cvss epss 0.01

    Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack

  • CVE-2022-3806Jan 19, 2023
    risk 0.00cvss epss 0.01

    Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer.

  • CVE-2023-0396Jan 19, 2023
    risk 0.00cvss epss 0.00

    A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses.

  • CVE-2023-0397Jan 19, 2023
    risk 0.00cvss epss 0.00

    A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete.

  • CVE-2021-3966Jan 11, 2023
    risk 0.00cvss epss 0.00

    usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem.

  • CVE-2022-0553Jan 11, 2023
    risk 0.00cvss epss 0.00

    There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily.

  • CVE-2022-2993Dec 12, 2022
    risk 0.00cvss epss 0.01

    There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet.

  • CVE-2022-2741Oct 31, 2022
    risk 0.00cvss epss 0.01

    The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. The frame must have a CAN ID matching an installed filter in the vulnerable node (this can easily be guessed based on CAN traffic analyses). The…

  • CVE-2022-1841Aug 31, 2022
    risk 0.00cvss epss 0.00

    In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero.

  • CVE-2022-1042Jul 26, 2022
    risk 0.00cvss epss 0.01

    In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning.

  • CVE-2022-1041Jul 26, 2022
    risk 0.00cvss epss 0.01

    In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning.

  • CVE-2021-3435Jun 28, 2022
    risk 0.00cvss epss 0.00

    Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh

  • CVE-2021-3434Jun 28, 2022
    risk 0.00cvss epss 0.00

    Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions >= v2.5.0 Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm

  • CVE-2021-3433Jun 28, 2022
    risk 0.00cvss epss 0.00

    Invalid channel map in CONNECT_IND results to Deadlock. Zephyr versions >= v2.5.0 Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp

  • CVE-2021-3432Jun 28, 2022
    risk 0.00cvss epss 0.01

    Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions >= v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4

  • CVE-2021-3431Jun 28, 2022
    risk 0.00cvss epss 0.01

    Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9

  • CVE-2021-3430Jun 28, 2022
    risk 0.00cvss epss 0.01

    Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr

  • CVE-2021-3861Feb 7, 2022
    risk 0.00cvss epss 0.00

    The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj

  • CVE-2021-3835Feb 7, 2022
    risk 0.00cvss epss 0.01

    Buffer overflow in usb device class. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf

  • CVE-2021-3454Oct 19, 2021
    risk 0.00cvss epss 0.01

    Truncated L2CAP K-frame causes assertion failure. Zephyr versions >= 2.4.0, >= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/G…

Page 5 of 8