Vulnerabilities (CVE)

Filtered by vendor Zephyrproject Subscribe
Total 83 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-6442 1 Zephyrproject 1 Zephyr 2024-11-13 N/A 6.5 MEDIUM
In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow.
CVE-2024-6444 1 Zephyrproject 1 Zephyr 2024-11-13 N/A 6.5 MEDIUM
No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.
CVE-2024-6443 1 Zephyrproject 1 Zephyr 2024-11-12 N/A 6.5 MEDIUM
In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty.
CVE-2023-1902 1 Zephyrproject 1 Zephyr 2024-11-07 N/A 8.0 HIGH
The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.
CVE-2023-1901 1 Zephyrproject 1 Zephyr 2024-11-07 N/A 8.0 HIGH
The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.
CVE-2024-5754 1 Zephyrproject 1 Zephyr 2024-09-19 N/A 6.5 MEDIUM
BT: Encryption procedure host vulnerability
CVE-2024-6258 1 Zephyrproject 1 Zephyr 2024-09-19 N/A 6.5 MEDIUM
BT: Missing length checks of net_buf in rfcomm_handle_data
CVE-2024-5931 1 Zephyrproject 1 Zephyr 2024-09-19 N/A 6.5 MEDIUM
BT: Unchecked user input in bap_broadcast_assistant
CVE-2024-6135 1 Zephyrproject 1 Zephyr 2024-09-19 N/A 6.5 MEDIUM
BT:Classic: Multiple missing buf length checks
CVE-2024-6259 1 Zephyrproject 1 Zephyr 2024-09-19 N/A 6.5 MEDIUM
BT: HCI: adv_ext_report Improper discarding in adv_ext_report
CVE-2024-6137 1 Zephyrproject 1 Zephyr 2024-09-19 N/A 6.5 MEDIUM
BT: Classic: SDP OOB access in get_att_search_list
CVE-2023-5055 1 Zephyrproject 1 Zephyr 2024-02-05 N/A 9.8 CRITICAL
Possible variant of CVE-2021-3434 in function le_ecred_reconf_req.
CVE-2023-4424 1 Zephyrproject 1 Zephyr 2024-02-05 N/A 8.8 HIGH
An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device.
CVE-2023-5139 1 Zephyrproject 1 Zephyr 2024-02-05 N/A 7.8 HIGH
Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver
CVE-2023-5184 1 Zephyrproject 1 Zephyr 2024-02-05 N/A 8.8 HIGH
 Two potential signed to unsigned conversion errors and buffer overflow vulnerabilities at the following locations in the Zephyr IPM drivers.
CVE-2023-4259 1 Zephyrproject 1 Zephyr 2024-02-05 N/A 8.8 HIGH
Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code.
CVE-2023-3725 1 Zephyrproject 1 Zephyr 2024-02-05 N/A 9.8 CRITICAL
Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem
CVE-2023-4264 1 Zephyrproject 1 Zephyr 2024-02-05 N/A 9.6 CRITICAL
Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem.
CVE-2023-4263 1 Zephyrproject 1 Zephyr 2024-02-05 N/A 8.8 HIGH
Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver
CVE-2023-4260 1 Zephyrproject 1 Zephyr 2024-02-05 N/A 10.0 CRITICAL
Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system.