Vulnerabilities > Zephyrproject > Zephyr
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-25 | CVE-2025-1674 | Unspecified vulnerability in Zephyrproject Zephyr A lack of input validation allows for out of bounds reads caused by malicious or malformed packets. | 8.2 |
| 2025-02-25 | CVE-2025-1675 | Unspecified vulnerability in Zephyrproject Zephyr The function dns_copy_qname in dns_pack.c performs performs a memcpy operation with an untrusted field and does not check if the source buffer is large enough to contain the copied data. | 9.1 |
| 2025-02-25 | CVE-2025-1673 | Unspecified vulnerability in Zephyrproject Zephyr A malicious or malformed DNS packet without a payload can cause an out-of-bounds read, resulting in a crash (denial of service) or an incorrect computation. | 8.2 |
| 2024-12-16 | CVE-2024-8798 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c. | 6.5 |
| 2024-11-15 | CVE-2024-11263 | Unspecified vulnerability in Zephyrproject Zephyr When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols. | 8.4 |
| 2024-10-04 | CVE-2024-6444 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr 3.2.01 No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c. | 6.5 |
| 2024-10-04 | CVE-2024-6442 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr 3.2.01 In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow. | 6.5 |
| 2024-10-04 | CVE-2024-6443 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr 3.2.01 In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty. | 6.5 |
| 2024-09-13 | CVE-2024-6259 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr BT: HCI: adv_ext_report Improper discarding in adv_ext_report | 6.5 |
| 2024-09-13 | CVE-2024-5931 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr BT: Unchecked user input in bap_broadcast_assistant | 6.5 |