Zephyrproject: >> Zephyr >> 2.0.0 Security Vulnerabilities
In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions.
CVSS Score
5.1
EPSS Score
0.001
Published
2020-06-05
In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
CVSS Score
9.0
EPSS Score
0.065
Published
2020-06-05
USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. This could be used by a malicious USB host to exploit the buffer overflow. See NCC-ZEP-002 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.
CVSS Score
8.1
EPSS Score
0.001
Published
2020-05-11
Page 8