Vulnerabilities > Zephyrproject > Zephyr > 2.4.0

DATE CVE VULNERABILITY TITLE RISK
2023-01-25 CVE-2023-0396 Out-of-bounds Read vulnerability in Zephyrproject Zephyr
A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses.
low complexity
zephyrproject CWE-125
6.8
2023-01-25 CVE-2022-3806 Double Free vulnerability in Zephyrproject Zephyr
Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer.
network
low complexity
zephyrproject CWE-415
critical
9.8
2023-01-19 CVE-2023-0397 Improper Initialization vulnerability in Zephyrproject Zephyr
A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete.
low complexity
zephyrproject CWE-665
6.5
2023-01-11 CVE-2021-3966 Classic Buffer Overflow vulnerability in Zephyrproject Zephyr
usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem.
low complexity
zephyrproject CWE-120
8.8
2023-01-11 CVE-2022-0553 Cleartext Transmission of Sensitive Information vulnerability in Zephyrproject Zephyr
There is no check to see if slot 0 is being uploaded from the device to the host.
low complexity
zephyrproject CWE-319
4.6
2022-12-09 CVE-2022-2993 Unspecified vulnerability in Zephyrproject Zephyr
There is an error in the condition of the last if-statement in the function smp_check_keys.
network
low complexity
zephyrproject
critical
9.8
2022-10-31 CVE-2022-2741 Resource Exhaustion vulnerability in Zephyrproject Zephyr
The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node.
network
low complexity
zephyrproject CWE-400
7.5
2022-06-28 CVE-2021-3435 Use of Uninitialized Resource vulnerability in Zephyrproject Zephyr 2.4.0/2.5.0/2.5.1
Information leakage in le_ecred_conn_req().
local
low complexity
zephyrproject CWE-908
2.1
2021-10-19 CVE-2021-3454 Reachable Assertion vulnerability in Zephyrproject Zephyr 2.4.0/2.5.0/2.5.1
Truncated L2CAP K-frame causes assertion failure.
network
low complexity
zephyrproject CWE-617
7.5
2021-10-19 CVE-2021-3455 Use After Free vulnerability in Zephyrproject Zephyr 2.4.0/2.5.0/2.5.1
Disconnecting L2CAP channel right after invalid ATT request leads freeze.
network
low complexity
zephyrproject CWE-416
5.0