2.5.0

DATE	CVE	VULNERABILITY TITLE	RISK
2022-06-28	CVE-2021-3430	Reachable Assertion vulnerability in Zephyrproject Zephyr Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. network low complexity zephyrproject CWE-617	7.5
2022-06-28	CVE-2021-3431	Reachable Assertion vulnerability in Zephyrproject Zephyr 2.5.0/2.5.1 Assertion reachable with repeated LL_FEATURE_REQ. network low complexity zephyrproject CWE-617	7.5
2022-06-28	CVE-2021-3432	Divide By Zero vulnerability in Zephyrproject Zephyr Invalid interval in CONNECT_IND leads to Division by Zero. network low complexity zephyrproject CWE-369	7.5
2022-06-28	CVE-2021-3433	Unspecified vulnerability in Zephyrproject Zephyr 2.5.0/2.5.1 Invalid channel map in CONNECT_IND results to Deadlock. local low complexity zephyrproject	3.3
2022-06-28	CVE-2021-3434	Out-of-bounds Write vulnerability in Zephyrproject Zephyr 2.5.0/2.5.1 Stack based buffer overflow in le_ecred_conn_req(). local low complexity zephyrproject CWE-787	7.8
2022-06-28	CVE-2021-3435	Use of Uninitialized Resource vulnerability in Zephyrproject Zephyr 2.4.0/2.5.0/2.5.1 Information leakage in le_ecred_conn_req(). local low complexity zephyrproject CWE-908	3.3
2021-10-19	CVE-2021-3454	Reachable Assertion vulnerability in Zephyrproject Zephyr 2.4.0/2.5.0/2.5.1 Truncated L2CAP K-frame causes assertion failure. network low complexity zephyrproject CWE-617	7.5
2021-10-19	CVE-2021-3455	Use After Free vulnerability in Zephyrproject Zephyr 2.4.0/2.5.0/2.5.1 Disconnecting L2CAP channel right after invalid ATT request leads freeze. network low complexity zephyrproject CWE-416	7.5
2021-10-05	CVE-2021-3436	Unspecified vulnerability in Zephyrproject Zephyr 1.14.2/2.4.0/2.5.0 BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. network low complexity zephyrproject	6.5
2021-10-05	CVE-2021-3510	Unspecified vulnerability in Zephyrproject Zephyr Zephyr JSON decoder incorrectly decodes array of array. network low complexity zephyrproject	7.5