Shodan
Vulnerabilities
Vulnerable Software
Zephyrproject:  >> Zephyr  >> 2.4.0  Security Vulnerabilities
CVE-2022-1841
In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-08-31
CVE-2022-1041
In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning.
CVSS Score
8.2
EPSS Score
0.001
Published
2022-07-26
CVE-2022-1042
In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning.
CVSS Score
8.2
EPSS Score
0.001
Published
2022-07-26
CVE-2021-3430
Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr
CVSS Score
6.5
EPSS Score
0.003
Published
2022-06-28
CVE-2021-3432
Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions >= v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4
CVSS Score
4.3
EPSS Score
0.004
Published
2022-06-28
CVE-2021-3435
Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh
CVSS Score
4.0
EPSS Score
0.001
Published
2022-06-28
CVE-2021-3454
Truncated L2CAP K-frame causes assertion failure. Zephyr versions >= 2.4.0, >= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3
CVSS Score
4.3
EPSS Score
0.003
Published
2021-10-19
CVE-2021-3455
Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions >= 2.4.0, >= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp
CVSS Score
4.3
EPSS Score
0.004
Published
2021-10-19
CVE-2021-3322
Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions >= >=2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3
CVSS Score
6.5
EPSS Score
0.001
Published
2021-10-12
CVE-2021-3323
Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= >=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc
CVSS Score
8.3
EPSS Score
0.004
Published
2021-10-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved