Vulnerabilities > Zephyrproject

DATE CVE VULNERABILITY TITLE RISK
2022-02-07 CVE-2021-3835 Out-of-bounds Write vulnerability in Zephyrproject Zephyr 2.6.0/2.6.1/3.0.0
Buffer overflow in usb device class.
low complexity
zephyrproject CWE-787
5.8
2022-02-07 CVE-2021-3861 Out-of-bounds Write vulnerability in Zephyrproject Zephyr 2.6.0/2.6.1
The RNDIS USB device class includes a buffer overflow vulnerability.
local
low complexity
zephyrproject CWE-787
7.2
2021-10-19 CVE-2021-3454 Unspecified vulnerability in Zephyrproject Zephyr 2.4.0/2.5.0/2.5.1
Truncated L2CAP K-frame causes assertion failure.
network
low complexity
zephyrproject
5.0
2021-10-19 CVE-2021-3455 Use After Free vulnerability in Zephyrproject Zephyr 2.4.0/2.5.0/2.5.1
Disconnecting L2CAP channel right after invalid ATT request leads freeze.
network
low complexity
zephyrproject CWE-416
5.0
2021-10-12 CVE-2021-3321 Integer Underflow (Wrap or Wraparound) vulnerability in Zephyrproject Zephyr 2.4.0
Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal.
low complexity
zephyrproject CWE-191
5.8
2021-10-12 CVE-2021-3322 NULL Pointer Dereference vulnerability in Zephyrproject Zephyr
Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr.
low complexity
zephyrproject CWE-476
3.3
2021-10-12 CVE-2021-3323 Integer Underflow (Wrap or Wraparound) vulnerability in Zephyrproject Zephyr 2.4.0
Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr.
network
low complexity
zephyrproject CWE-191
7.5
2021-10-12 CVE-2021-3330 Out-of-bounds Write vulnerability in Zephyrproject Zephyr 2.4.0
RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr.
low complexity
zephyrproject CWE-787
5.8
2021-10-05 CVE-2021-3319 NULL Pointer Dereference vulnerability in Zephyrproject Zephyr 2.4.0
DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses.
network
low complexity
zephyrproject CWE-476
7.5
2021-10-05 CVE-2021-3436 Unspecified vulnerability in Zephyrproject Zephyr 1.14.2/2.4.0/2.5.0
BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known.
network
low complexity
zephyrproject
6.4