Vulnerability Details CVE-2017-14201
Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.0%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
- https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html
- https://github.com/zephyrproject-rtos/zephyr/pull/13260
- https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-17
- https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html
- https://github.com/zephyrproject-rtos/zephyr/pull/13260
- https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-17
Products affected by CVE-2017-14201
-
cpe:2.3:o:zephyrproject:zephyr:-
-
cpe:2.3:o:zephyrproject:zephyr:1.0.0
-
cpe:2.3:o:zephyrproject:zephyr:1.1.0
-
cpe:2.3:o:zephyrproject:zephyr:1.10.0
-
cpe:2.3:o:zephyrproject:zephyr:1.11.0
-
cpe:2.3:o:zephyrproject:zephyr:1.12.0
-
cpe:2.3:o:zephyrproject:zephyr:1.13.0
-
cpe:2.3:o:zephyrproject:zephyr:1.2.0
-
cpe:2.3:o:zephyrproject:zephyr:1.3.0
-
cpe:2.3:o:zephyrproject:zephyr:1.4.0
-
cpe:2.3:o:zephyrproject:zephyr:1.5.0
-
cpe:2.3:o:zephyrproject:zephyr:1.6.0
-
cpe:2.3:o:zephyrproject:zephyr:1.6.1
-
cpe:2.3:o:zephyrproject:zephyr:1.6.99
-
cpe:2.3:o:zephyrproject:zephyr:1.7.0
-
cpe:2.3:o:zephyrproject:zephyr:1.7.1
-
cpe:2.3:o:zephyrproject:zephyr:1.7.99
-
cpe:2.3:o:zephyrproject:zephyr:1.8.0
-
cpe:2.3:o:zephyrproject:zephyr:1.8.99
-
cpe:2.3:o:zephyrproject:zephyr:1.9.0
-
cpe:2.3:o:zephyrproject:zephyr:1.9.1
-
cpe:2.3:o:zephyrproject:zephyr:1.9.2