Vulnerabilities > CVE-2021-3320 - Type Confusion vulnerability in Zephyrproject Zephyr

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

zephyrproject

CWE-843

NVD

Published: 2021-05-25

Updated: 2021-05-27

Summary

Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7

Vulnerable Configurations

Part	Description	Count
OS	Zephyrproject Zephyrproject Zephyr 2.0.0 Zephyrproject Zephyr 2.1.0 Zephyrproject Zephyr 2.2.0 Zephyrproject Zephyr 2.3.0 Zephyrproject Zephyr 2.4.0	16

Common Weakness Enumeration (CWE)

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

References

http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7