| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A malicious or malformed DNS packet without a payload can cause an out-of-bounds read, resulting in a crash (denial of service) or an incorrect computation. |
| A lack of input validation allows for out of bounds reads caused by malicious or malformed packets. |
| Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c |
| Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver |
| Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system. |
| Potential buffer overflow vulnerabilities in the following locations:
https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359
https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis... https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis.c#L841 |
| Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver |
| Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code. |
| Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows. |
| Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem |
| At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible. |
| When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols. |
| A malicious BLE device can send a specific order of packet sequence to cause a DoS attack on the victim BLE device |
| An malicious BLE device can crash BLE victim device by sending malformed gatt packet |
| Possible buffer overflow in is_mount_point |
| Signed to unsigned conversion esp32_ipm_send |
| can: out of bounds in remove_rx_filter function |
| Unchecked length coming from user input in settings shell |
| The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception. |
| Possible variant of CVE-2021-3434 in function le_ecred_reconf_req. |
