An malicious BLE device can crash BLE victim device by sending malformed gatt packet
Max CVSS
6.8
EPSS Score
0.04%
Published
2024-03-29
Updated
2024-03-29
The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GATT_PERM_WRITE_LESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. If set, requires that LE Secure Connections is used for read/write access, however this is only true when it is combined with other permissions, namely BT_GATT_PERM_READ_ENCRYPT/BT_GATT_PERM_READ_AUTHEN (for read) or BT_GATT_PERM_WRITE_ENCRYPT/BT_GATT_PERM_WRITE_AUTHEN (for write), if these additional permissions are not set (even in secure connections only mode) then the stack does not perform any permission checks on these characteristics and they can be freely written/read.
Max CVSS
8.2
EPSS Score
0.04%
Published
2024-02-19
Updated
2024-02-20
Zephyr OS IP packet handling does not properly drop IP packets arriving on an external interface with a source address equal to 127.0.01 or the destination address.
Max CVSS
8.6
EPSS Score
0.04%
Published
2024-03-15
Updated
2024-03-17
Possible buffer overflow in is_mount_point
Max CVSS
7.3
EPSS Score
N/A
Published
2024-02-29
Updated
2024-02-29
Unchecked length coming from user input in settings shell
Max CVSS
8.0
EPSS Score
0.04%
Published
2024-02-18
Updated
2024-02-20
Signed to unsigned conversion esp32_ipm_send
Max CVSS
8.0
EPSS Score
0.04%
Published
2024-02-18
Updated
2024-02-20
can: out of bounds in remove_rx_filter function
Max CVSS
4.4
EPSS Score
0.04%
Published
2024-02-18
Updated
2024-02-20
Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c
Max CVSS
8.8
EPSS Score
0.05%
Published
2023-10-25
Updated
2024-01-12
The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-10-13
Updated
2023-10-18
 Two potential signed to unsigned conversion errors and buffer overflow vulnerabilities at the following locations in the Zephyr IPM drivers.
Max CVSS
8.8
EPSS Score
0.04%
Published
2023-09-27
Updated
2023-12-21
Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-10-26
Updated
2024-01-21
Possible variant of CVE-2021-3434 in function le_ecred_reconf_req.
Max CVSS
9.8
EPSS Score
0.10%
Published
2023-11-21
Updated
2023-12-01
An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device.
Max CVSS
8.8
EPSS Score
0.05%
Published
2023-11-21
Updated
2023-11-29
Potential buffer overflow vulnerabilities in the following locations: https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis... https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis.c#L841
Max CVSS
6.8
EPSS Score
0.05%
Published
2023-08-12
Updated
2024-01-12
Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem.
Max CVSS
9.6
EPSS Score
0.05%
Published
2023-09-27
Updated
2023-12-22
Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver
Max CVSS
8.8
EPSS Score
0.05%
Published
2023-10-13
Updated
2023-12-22
Possible buffer overflow  in Zephyr mgmt subsystem when asserts are disabled
Max CVSS
10.0
EPSS Score
0.07%
Published
2023-09-27
Updated
2023-12-22
Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system.
Max CVSS
10.0
EPSS Score
0.09%
Published
2023-09-27
Updated
2023-12-22
Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code.
Max CVSS
8.8
EPSS Score
0.05%
Published
2023-09-26
Updated
2023-12-22
In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee.
Max CVSS
8.6
EPSS Score
0.05%
Published
2023-09-25
Updated
2023-09-26
Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.
Max CVSS
9.8
EPSS Score
0.08%
Published
2023-10-13
Updated
2024-01-12
Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-10-06
Updated
2023-12-22
Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host.
Max CVSS
8.8
EPSS Score
0.06%
Published
2023-07-10
Updated
2023-08-28
The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.
Max CVSS
8.0
EPSS Score
0.04%
Published
2023-07-10
Updated
2023-07-17
The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.
Max CVSS
8.0
EPSS Score
0.04%
Published
2023-07-10
Updated
2023-07-14
89 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!