Shodan
Vulnerabilities
Vulnerable Software
Zephyrproject:  >> Zephyr  >> 2.5.0  Security Vulnerabilities
CVE-2022-1041
In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning.
CVSS Score
8.2
EPSS Score
0.001
Published
2022-07-26
CVE-2022-1042
In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning.
CVSS Score
8.2
EPSS Score
0.001
Published
2022-07-26
CVE-2021-3430
Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr
CVSS Score
6.5
EPSS Score
0.003
Published
2022-06-28
CVE-2021-3431
Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9
CVSS Score
4.3
EPSS Score
0.004
Published
2022-06-28
CVE-2021-3432
Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions >= v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4
CVSS Score
4.3
EPSS Score
0.004
Published
2022-06-28
CVE-2021-3433
Invalid channel map in CONNECT_IND results to Deadlock. Zephyr versions >= v2.5.0 Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp
CVSS Score
4.0
EPSS Score
0.001
Published
2022-06-28
CVE-2021-3434
Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions >= v2.5.0 Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm
CVSS Score
4.9
EPSS Score
0.001
Published
2022-06-28
CVE-2021-3435
Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh
CVSS Score
4.0
EPSS Score
0.001
Published
2022-06-28
CVE-2021-3454
Truncated L2CAP K-frame causes assertion failure. Zephyr versions >= 2.4.0, >= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3
CVSS Score
4.3
EPSS Score
0.003
Published
2021-10-19
CVE-2021-3455
Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions >= 2.4.0, >= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp
CVSS Score
4.3
EPSS Score
0.004
Published
2021-10-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved