Vulnerability Details CVE-2021-3436
BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions >= 1.14.2, >= 2.4.0, >= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.1%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 6.4
References
Products affected by CVE-2021-3436
-
cpe:2.3:o:zephyrproject:zephyr:1.14.2
-
cpe:2.3:o:zephyrproject:zephyr:2.4.0
-
cpe:2.3:o:zephyrproject:zephyr:2.5.0