Zephyr OS
Products
1- 7 CVEs
Recent CVEs
7| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-4424 | Hig | 0.54 | 8.3 | 0.00 | Nov 21, 2023 | An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device. | ||
| CVE-2023-4263 | Hig | 0.49 | 7.6 | 0.00 | Oct 13, 2023 | Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver | ||
| CVE-2021-3321 | Hig | 0.49 | 7.5 | 0.01 | Oct 12, 2021 | Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= >=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99 | ||
| CVE-2023-4259 | Hig | 0.46 | 7.1 | 0.01 | Sep 26, 2023 | Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code. | ||
| CVE-2025-12899 | Med | 0.42 | 6.5 | 0.00 | Jan 30, 2026 | A flaw in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read and creates a potential information-leak vulnerability in the networking subsystem. | ||
| CVE-2017-14202 | Hig | 0.00 | 7.8 | 0.01 | Aug 29, 2019 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on… | ||
| CVE-2017-14201 | Hig | 0.00 | 7.8 | 0.01 | Aug 29, 2019 | Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all. |
- risk 0.54cvss 8.3epss 0.00
An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device.
- risk 0.49cvss 7.6epss 0.00
Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver
- risk 0.49cvss 7.5epss 0.01
Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= >=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99
- risk 0.46cvss 7.1epss 0.01
Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code.
- risk 0.42cvss 6.5epss 0.00
A flaw in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read and creates a potential information-leak vulnerability in the networking subsystem.
- risk 0.00cvss 7.8epss 0.01
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on…
- risk 0.00cvss 7.8epss 0.01
Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all.