Zephyrproject: >> Zephyr >> 3.7.1 Security Vulnerabilities
The function dns_copy_qname in dns_pack.c performs performs a memcpy operation with an untrusted field and does not check if the source buffer is large enough to contain the copied data.
CVSS Score
8.2
EPSS Score
0.001
Published
2025-02-25
A lack of input validation allows for out of bounds reads caused by malicious or malformed packets.
CVSS Score
8.2
EPSS Score
0.001
Published
2025-02-25
A malicious or malformed DNS packet without a payload can cause an out-of-bounds read, resulting in a crash (denial of service) or an incorrect computation.
CVSS Score
8.2
EPSS Score
0.002
Published
2025-02-25