Vulnerabilities > Zephyrproject > Zephyr > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-25 | CVE-2020-13601 | Out-of-bounds Read vulnerability in Zephyrproject Zephyr Possible read out of bounds in dns read. | 9.8 |
| 2021-05-25 | CVE-2020-10064 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr Improper Input Frame Validation in ieee802154 Processing. | 9.8 |
| 2020-06-05 | CVE-2020-10062 | Off-by-one Error vulnerability in Zephyrproject Zephyr An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. | 9.8 |
| 2020-06-05 | CVE-2020-10070 | Classic Buffer Overflow vulnerability in Zephyrproject Zephyr In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. | 9.8 |
| 2020-06-05 | CVE-2020-10071 | Classic Buffer Overflow vulnerability in Zephyrproject Zephyr The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. | 9.8 |
| 2020-05-11 | CVE-2020-10022 | Classic Buffer Overflow vulnerability in Zephyrproject Zephyr 2.1.0/2.2.0 A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. | 9.8 |
| 2019-04-12 | CVE-2017-14199 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Zephyrproject Zephyr 1.10.0/1.9.0 A buffer overflow has been found in the Zephyr Project's getaddrinfo() implementation in 1.9.0 and 1.10.0. | 9.8 |
| 2018-09-06 | CVE-2018-1000800 | NULL Pointer Dereference vulnerability in Zephyrproject Zephyr 1.12.0 zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(), sys_ring_buf_get() that can result in CPU Page Fault (error code 0x00000010). | 9.8 |