Vulnerabilities > Zephyrproject
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-26 | CVE-2021-3329 | Improper Initialization vulnerability in Zephyrproject Zephyr 2.4.0 Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack | 6.5 |
| 2023-01-25 | CVE-2023-0396 | Out-of-bounds Read vulnerability in Zephyrproject Zephyr A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses. | 6.8 |
| 2023-01-25 | CVE-2022-3806 | Double Free vulnerability in Zephyrproject Zephyr Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer. | 9.8 |
| 2023-01-19 | CVE-2023-0397 | Improper Initialization vulnerability in Zephyrproject Zephyr A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete. | 6.5 |
| 2023-01-11 | CVE-2021-3966 | Classic Buffer Overflow vulnerability in Zephyrproject Zephyr usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem. | 8.8 |
| 2023-01-11 | CVE-2022-0553 | Cleartext Transmission of Sensitive Information vulnerability in Zephyrproject Zephyr There is no check to see if slot 0 is being uploaded from the device to the host. | 4.6 |
| 2022-12-09 | CVE-2022-2993 | Unspecified vulnerability in Zephyrproject Zephyr There is an error in the condition of the last if-statement in the function smp_check_keys. | 9.8 |
| 2022-10-31 | CVE-2022-2741 | Resource Exhaustion vulnerability in Zephyrproject Zephyr The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. | 7.5 |
| 2022-06-28 | CVE-2021-3430 | Reachable Assertion vulnerability in Zephyrproject Zephyr Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. | 5.0 |
| 2022-06-28 | CVE-2021-3431 | Reachable Assertion vulnerability in Zephyrproject Zephyr 2.5.0/2.5.1 Assertion reachable with repeated LL_FEATURE_REQ. | 5.0 |