Search

Find a vulnerability

Search criteria

    16 vulnerabilities by Zephyr

    VAR-202301-2092

    Vulnerability from variot - Updated: 2025-04-05 00:30

    A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses. Zephyr Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202301-2092",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "zephyr",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "zephyrproject",
            "version": "3.2.0"
          },
          {
            "model": "zephyr",
            "scope": null,
            "trust": 0.8,
            "vendor": "zephyr",
            "version": null
          },
          {
            "model": "zephyr",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "zephyr",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002652"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-0396"
          }
        ]
      },
      "cve": "CVE-2023-0396",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.9,
                "id": "CVE-2023-0396",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Physical",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 6.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-0396",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-0396",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2023-0396",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-0396",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202301-1798",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002652"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-1798"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-0396"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-0396"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses. Zephyr Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-0396"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002652"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-0396"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-0396",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002652",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-1798",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-0396",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-0396"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002652"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-1798"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-0396"
          }
        ]
      },
      "id": "VAR-202301-2092",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ],
        "trust": 0.01
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "other device"
            ],
            "sub_category": "IoT device with Zephyr RTOS",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-04-05T00:30:23.294000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Buffer\u00a0Overreads\u00a0in\u00a0Bluetooth\u00a0HCI",
            "trust": 0.8,
            "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8rpp-6vxq-pqg3"
          },
          {
            "title": "zephyr Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=223859"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2023-0396 "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-0396"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002652"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-1798"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-126",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002652"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-0396"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/ghsa-8rpp-6vxq-pqg3"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0396"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-0396/"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2023-0396"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-0396"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002652"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-1798"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-0396"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-0396"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002652"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-1798"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-0396"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-0396"
          },
          {
            "date": "2023-07-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-002652"
          },
          {
            "date": "2023-01-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202301-1798"
          },
          {
            "date": "2023-01-25T02:02:06.200000",
            "db": "NVD",
            "id": "CVE-2023-0396"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-26T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-0396"
          },
          {
            "date": "2023-07-25T02:24:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-002652"
          },
          {
            "date": "2023-02-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202301-1798"
          },
          {
            "date": "2025-04-03T20:15:20.587000",
            "db": "NVD",
            "id": "CVE-2023-0396"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Zephyr\u00a0 Out-of-bounds read vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002652"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-1798"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202301-2124

    Vulnerability from variot - Updated: 2025-04-04 22:28

    Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer. Zephyr contains a double free vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202301-2124",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "zephyr",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "zephyrproject",
            "version": "3.2.0"
          },
          {
            "model": "zephyr",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "zephyr",
            "version": null
          },
          {
            "model": "zephyr",
            "scope": null,
            "trust": 0.8,
            "vendor": "zephyr",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002567"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3806"
          }
        ]
      },
      "cve": "CVE-2022-3806",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-3806",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-3806",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-3806",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-3806",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-3806",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202301-1799",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002567"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-1799"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3806"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3806"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer. Zephyr contains a double free vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-3806"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002567"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-3806"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-3806",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002567",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-1799",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-3806",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-3806"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002567"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-1799"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3806"
          }
        ]
      },
      "id": "VAR-202301-2124",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ],
        "trust": 0.01
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "other device"
            ],
            "sub_category": "IoT device with Zephyr RTOS",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-04-04T22:28:54.403000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Bluetooth\u00a0HCI\u00a0Error\u00a0Handling\u00a0Double\u00a0Free",
            "trust": 0.8,
            "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w525-fm68-ppq3"
          },
          {
            "title": "zephyr Remediation of resource management error vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=223699"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2022-3806 "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-3806"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002567"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-1799"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-415",
            "trust": 1.0
          },
          {
            "problemtype": "Double release (CWE-415) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002567"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3806"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/ghsa-w525-fm68-ppq3"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3806"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-3806/"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2022-3806"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-3806"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002567"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-1799"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3806"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-3806"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002567"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-1799"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3806"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-3806"
          },
          {
            "date": "2023-07-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-002567"
          },
          {
            "date": "2023-01-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202301-1799"
          },
          {
            "date": "2023-01-25T02:01:19.820000",
            "db": "NVD",
            "id": "CVE-2022-3806"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-26T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-3806"
          },
          {
            "date": "2023-07-21T00:48:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-002567"
          },
          {
            "date": "2023-02-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202301-1799"
          },
          {
            "date": "2025-04-03T20:15:17.550000",
            "db": "NVD",
            "id": "CVE-2022-3806"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-1799"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Zephyr\u00a0 Double release vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002567"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-1799"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202207-1752

    Vulnerability from variot - Updated: 2025-01-30 21:57

    In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning. Zephyr Project of Zephyr Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202207-1752",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "zephyr",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "zephyrproject",
            "version": "3.0.0"
          },
          {
            "model": "zephyr",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "zephyr",
            "version": null
          },
          {
            "model": "zephyr",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "zephyr",
            "version": "3.0.0  and earlier"
          },
          {
            "model": "zephyr",
            "scope": null,
            "trust": 0.8,
            "vendor": "zephyr",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013887"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-1041"
          }
        ]
      },
      "cve": "CVE-2022-1041",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2022-1041",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "vulnerabilities@zephyrproject.org",
                "availabilityImpact": "LOW",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.3,
                "id": "CVE-2022-1041",
                "impactScore": 5.3,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-1041",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-1041",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "vulnerabilities@zephyrproject.org",
                "id": "CVE-2022-1041",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-1041",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202207-2415",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013887"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-2415"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-1041"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-1041"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning. Zephyr Project of Zephyr Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-1041"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013887"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-1041"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-1041",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013887",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072719",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-2415",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-1041",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-1041"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013887"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-2415"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-1041"
          }
        ]
      },
      "id": "VAR-202207-1752",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ],
        "trust": 0.01
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "other device"
            ],
            "sub_category": "IoT device with Zephyr RTOS",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-01-30T21:57:27.037000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Zephyr Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=201728"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-2415"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013887"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-1041"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/ghsa-p449-9hv9-pj38"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1041"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072719"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-1041/"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-1041"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013887"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-2415"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-1041"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-1041"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013887"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-2415"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-1041"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-26T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-1041"
          },
          {
            "date": "2023-09-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-013887"
          },
          {
            "date": "2022-07-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202207-2415"
          },
          {
            "date": "2022-07-26T05:15:07.610000",
            "db": "NVD",
            "id": "CVE-2022-1041"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-26T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-1041"
          },
          {
            "date": "2023-09-12T08:21:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-013887"
          },
          {
            "date": "2022-08-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202207-2415"
          },
          {
            "date": "2022-08-02T18:44:28.343000",
            "db": "NVD",
            "id": "CVE-2022-1041"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-2415"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Zephyr\u00a0Project\u00a0 of \u00a0Zephyr\u00a0 Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013887"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-2415"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202006-0028

    Vulnerability from variot - Updated: 2025-01-30 21:14

    Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions. zephyrproject-rtos zephyr Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0028",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "zephyr",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "zephyrproject",
            "version": "2.2.0"
          },
          {
            "model": "zephyr",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "zephyrproject",
            "version": "2.0.0"
          },
          {
            "model": "zephyr",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "zephyrproject",
            "version": "1.14.0"
          },
          {
            "model": "zephyr",
            "scope": null,
            "trust": 0.8,
            "vendor": "zephyr",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006451"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10061"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:zephyrproject:zephyr",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006451"
          }
        ]
      },
      "cve": "CVE-2020-10061",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CVE-2020-10061",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-006451",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2020-10061",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "author": "vulnerabilities@zephyrproject.org",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.4,
                "id": "CVE-2020-10061",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-006451",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-10061",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "vulnerabilities@zephyrproject.org",
                "id": "CVE-2020-10061",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-006451",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-556",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-10061",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-10061"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006451"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-556"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10061"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10061"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions. zephyrproject-rtos zephyr Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10061"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006451"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10061"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-10061",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006451",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-556",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10061",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10061"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006451"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-556"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10061"
          }
        ]
      },
      "id": "VAR-202006-0028",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ],
        "trust": 0.01
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "other device"
            ],
            "sub_category": "IoT device with Zephyr RTOS",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-01-30T21:14:24.666000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "[backport v1.14] Bluetooth: controller: legacy: Backport v2.2 to v1.14-branch #23091",
            "trust": 0.8,
            "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23091"
          },
          {
            "title": "Bluetooth: controller: split: Fix regression handling invalid packet sequence #23516",
            "trust": 0.8,
            "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23516"
          },
          {
            "title": "Bluetooth: controller: legacy: Fix regression handling tx pool corruption #23517",
            "trust": 0.8,
            "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23517"
          },
          {
            "title": "[backport v2.2] Bluetooth: controller: split: Fix regression in handling invalid pkt seq #23547",
            "trust": 0.8,
            "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23547"
          },
          {
            "title": "CVE-2020-10061",
            "trust": 0.8,
            "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10061"
          },
          {
            "title": "Zephyr Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=120657"
          },
          {
            "title": "sweyntooth_bluetooth_low_energy_attacks",
            "trust": 0.1,
            "url": "https://github.com/Matheus-Garbelini/sweyntooth_bluetooth_low_energy_attacks "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/sd258sos/bluetooth-security-app "
          },
          {
            "title": "awesome-bluetooth-security",
            "trust": 0.1,
            "url": "https://github.com/engn33r/awesome-bluetooth-security "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/JeffroMF/awesome-bluetooth-security321 "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-10061"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006451"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-556"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006451"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10061"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10061"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23547"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23091"
          },
          {
            "trust": 1.7,
            "url": "https://zephyrprojectsec.atlassian.net/browse/zepsec-75"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23516"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23517"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10061"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10061"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/787.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/matheus-garbelini/sweyntooth_bluetooth_low_energy_attacks"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10061"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006451"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-556"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10061"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10061"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006451"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-556"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10061"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-06-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-10061"
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006451"
          },
          {
            "date": "2020-06-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-556"
          },
          {
            "date": "2020-06-05T18:15:12.463000",
            "db": "NVD",
            "id": "CVE-2020-10061"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-10-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-10061"
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006451"
          },
          {
            "date": "2021-10-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-556"
          },
          {
            "date": "2024-11-21T04:54:43.690000",
            "db": "NVD",
            "id": "CVE-2020-10061"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-556"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "zephyrproject-rtos zephyr Buffer error vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006451"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-556"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202006-0031

    Vulnerability from variot - Updated: 2025-01-30 20:58

    In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions. zephyrproject-rtos zephyr There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0031",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "zephyr",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "zephyrproject",
            "version": "2.2.0"
          },
          {
            "model": "zephyr",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "zephyrproject",
            "version": "2.0.0"
          },
          {
            "model": "zephyr",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "zephyrproject",
            "version": "1.14.0"
          },
          {
            "model": "zephyr",
            "scope": null,
            "trust": 0.8,
            "vendor": "zephyr",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006454"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10068"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:zephyrproject:zephyr",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006454"
          }
        ]
      },
      "cve": "CVE-2020-10068",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 3.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.5,
                "id": "CVE-2020-10068",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 3.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-006454",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2020-10068",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "author": "vulnerabilities@zephyrproject.org",
                "availabilityImpact": "HIGH",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.4,
                "id": "CVE-2020-10068",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-006454",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-10068",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "vulnerabilities@zephyrproject.org",
                "id": "CVE-2020-10068",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-006454",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-573",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006454"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-573"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10068"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10068"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions. zephyrproject-rtos zephyr There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10068"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006454"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-10068",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006454",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-573",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006454"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-573"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10068"
          }
        ]
      },
      "id": "VAR-202006-0031",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ],
        "trust": 0.01
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "other device"
            ],
            "sub_category": "IoT device with Zephyr RTOS",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-01-30T20:58:47.090000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "[backport v1.14] Bluetooth: controller: legacy: Backport v2.2 to v1.14-branch #23091",
            "trust": 0.8,
            "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23091"
          },
          {
            "title": "Bluetooth: controller: split: Fix DLE duplicate requests #23707",
            "trust": 0.8,
            "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23707"
          },
          {
            "title": "Bluetooth: controller: legacy: Fix DLE duplicate requests #23708",
            "trust": 0.8,
            "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23708"
          },
          {
            "title": "[backport v2.2] Bluetooth: controller: split: Fix DLE duplicate requests #23964",
            "trust": 0.8,
            "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23964"
          },
          {
            "title": "CVE-2020-10068",
            "trust": 0.8,
            "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10068"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006454"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006454"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10068"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10068"
          },
          {
            "trust": 1.6,
            "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23708"
          },
          {
            "trust": 1.6,
            "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23707"
          },
          {
            "trust": 1.6,
            "url": "https://zephyrprojectsec.atlassian.net/browse/zepsec-78"
          },
          {
            "trust": 1.6,
            "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23091"
          },
          {
            "trust": 1.6,
            "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23964"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10068"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10068"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006454"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-573"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10068"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006454"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-573"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10068"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006454"
          },
          {
            "date": "2020-06-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-573"
          },
          {
            "date": "2020-06-05T18:15:12.887000",
            "db": "NVD",
            "id": "CVE-2020-10068"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006454"
          },
          {
            "date": "2020-06-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-573"
          },
          {
            "date": "2024-11-21T04:54:44.533000",
            "db": "NVD",
            "id": "CVE-2020-10068"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-573"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "zephyrproject-rtos zephyr Input verification vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006454"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-573"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202105-0020

    Vulnerability from variot - Updated: 2025-01-30 20:43

    Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c. Zephyr Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202105-0020",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "zephyr",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "zephyrproject",
            "version": "2.2.0"
          },
          {
            "model": "zephyr",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "zephyrproject",
            "version": "1.14.2"
          },
          {
            "model": "zephyr",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "zephyrproject",
            "version": "2.0.0"
          },
          {
            "model": "zephyr",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "zephyr",
            "version": null
          },
          {
            "model": "zephyr",
            "scope": null,
            "trust": 0.8,
            "vendor": "zephyr",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-016782"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10065"
          }
        ]
      },
      "cve": "CVE-2020-10065",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CVE-2020-10065",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2020-10065",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "author": "vulnerabilities@zephyrproject.org",
                "availabilityImpact": "LOW",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 0.4,
                "id": "CVE-2020-10065",
                "impactScore": 3.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2020-10065",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-10065",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "vulnerabilities@zephyrproject.org",
                "id": "CVE-2020-10065",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "NVD",
                "id": "CVE-2020-10065",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202105-1645",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-10065",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-10065"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-016782"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-1645"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10065"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10065"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions \u003e= v1.14.2, \u003e= v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c. Zephyr Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10065"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-016782"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10065"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-10065",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-016782",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-1645",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10065",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10065"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-016782"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-1645"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10065"
          }
        ]
      },
      "id": "VAR-202105-0020",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ],
        "trust": 0.01
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "other device"
            ],
            "sub_category": "IoT device with Zephyr RTOS",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-01-30T20:43:49.891000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Missing\u00a0Size\u00a0Checks\u00a0in\u00a0Bluetooth\u00a0HCI\u00a0over\u00a0SPI",
            "trust": 0.8,
            "url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c"
          },
          {
            "title": "Zephyr Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=152392"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-016782"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-1645"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-130",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-016782"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10065"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/ghsa-hg2w-62p6-g67c"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10065"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/787.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10065"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-016782"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-1645"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10065"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10065"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-016782"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-1645"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10065"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-05-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-10065"
          },
          {
            "date": "2022-02-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-016782"
          },
          {
            "date": "2021-05-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202105-1645"
          },
          {
            "date": "2021-05-25T17:15:07.577000",
            "db": "NVD",
            "id": "CVE-2020-10065"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-05-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-10065"
          },
          {
            "date": "2022-02-04T07:59:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-016782"
          },
          {
            "date": "2021-05-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202105-1645"
          },
          {
            "date": "2022-10-29T02:48:34.693000",
            "db": "NVD",
            "id": "CVE-2020-10065"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-1645"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Zephyr\u00a0 Out-of-bounds Vulnerability in Microsoft",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-016782"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-1645"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202207-1779

    Vulnerability from variot - Updated: 2025-01-30 20:29

    In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning. Zephyr Project of Zephyr Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202207-1779",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "zephyr",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "zephyrproject",
            "version": "3.0.0"
          },
          {
            "model": "zephyr",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "zephyr",
            "version": null
          },
          {
            "model": "zephyr",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "zephyr",
            "version": "3.0.0  and earlier"
          },
          {
            "model": "zephyr",
            "scope": null,
            "trust": 0.8,
            "vendor": "zephyr",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013886"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-1042"
          }
        ]
      },
      "cve": "CVE-2022-1042",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2022-1042",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "vulnerabilities@zephyrproject.org",
                "availabilityImpact": "LOW",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.3,
                "id": "CVE-2022-1042",
                "impactScore": 5.3,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-1042",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-1042",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "vulnerabilities@zephyrproject.org",
                "id": "CVE-2022-1042",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-1042",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202207-2416",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013886"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-2416"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-1042"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-1042"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning. Zephyr Project of Zephyr Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-1042"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013886"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-1042"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-1042",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013886",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072719",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-2416",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-1042",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-1042"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013886"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-2416"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-1042"
          }
        ]
      },
      "id": "VAR-202207-1779",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ],
        "trust": 0.01
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "other device"
            ],
            "sub_category": "IoT device with Zephyr RTOS",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-01-30T20:29:05.346000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Zephyr Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=201729"
          },
          {
            "title": "cve-2022-1042",
            "trust": 0.1,
            "url": "https://github.com/git-cve-updater/cve-2022-1042 "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-1042"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-2416"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013886"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-1042"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/ghsa-j7v7-w73r-mm5x"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1042"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-1042/"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072719"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/git-cve-updater/cve-2022-1042"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-1042"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013886"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-2416"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-1042"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-1042"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013886"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-2416"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-1042"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-26T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-1042"
          },
          {
            "date": "2023-09-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-013886"
          },
          {
            "date": "2022-07-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202207-2416"
          },
          {
            "date": "2022-07-26T05:15:07.900000",
            "db": "NVD",
            "id": "CVE-2022-1042"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-26T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-1042"
          },
          {
            "date": "2023-09-12T08:21:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-013886"
          },
          {
            "date": "2022-08-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202207-2416"
          },
          {
            "date": "2022-08-03T15:43:12.830000",
            "db": "NVD",
            "id": "CVE-2022-1042"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-2416"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Zephyr\u00a0Project\u00a0 of \u00a0Zephyr\u00a0 Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013886"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-2416"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202301-0806

    Vulnerability from variot - Updated: 2025-01-30 19:54

    usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem. Zephyr Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202301-0806",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "zephyr",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "zephyrproject",
            "version": "3.0.0"
          },
          {
            "model": "zephyr",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "zephyr",
            "version": null
          },
          {
            "model": "zephyr",
            "scope": null,
            "trust": 0.8,
            "vendor": "zephyr",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-005337"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-3966"
          }
        ]
      },
      "cve": "CVE-2021-3966",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-3966",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "vulnerabilities@zephyrproject.org",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-3966",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-3966",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-3966",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "vulnerabilities@zephyrproject.org",
                "id": "CVE-2021-3966",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-3966",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202301-825",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-005337"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-825"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-3966"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-3966"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem. Zephyr Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-3966"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-005337"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-3966",
            "trust": 3.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-005337",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-825",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-005337"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-825"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-3966"
          }
        ]
      },
      "id": "VAR-202301-0806",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ],
        "trust": 0.01
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "network device"
            ],
            "sub_category": "bluetooth device",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-01-30T19:54:32.424000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Usb\u00a0bluetooth\u00a0device\u00a0ACL\u00a0read\u00a0cb\u00a0buffer\u00a0overflow",
            "trust": 0.8,
            "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hfxq-3w6x-fv2m"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-005337"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-122",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-005337"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-3966"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/ghsa-hfxq-3w6x-fv2m"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3966"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2021-3966/"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-005337"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-825"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-3966"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-005337"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-825"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-3966"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-05-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-005337"
          },
          {
            "date": "2023-01-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202301-825"
          },
          {
            "date": "2023-01-11T05:15:10.940000",
            "db": "NVD",
            "id": "CVE-2021-3966"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-05-29T01:43:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-005337"
          },
          {
            "date": "2023-01-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202301-825"
          },
          {
            "date": "2023-01-18T20:03:55.547000",
            "db": "NVD",
            "id": "CVE-2021-3966"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-825"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Zephyr\u00a0 Classic buffer overflow vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-005337"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-825"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2022-3333 (GCVE-0-2022-3333)

    Vulnerability from nvd – Published: 2022-09-28 04:35 – Updated: 2025-04-15 13:46
    VLAI
    Title
    Zephyr Project Manager REST Call cross site scripting
    Summary
    A vulnerability, which was classified as problematic, was found in Zephyr Project Manager up to 3.2.4. Affected is an unknown function of the file /v1/tasks/create/ of the component REST Call Handler. The manipulation of the argument onanimationstart leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 3.2.5 is able to address this issue. It is recommended to upgrade the affected component. VDB-209370 is the identifier assigned to this vulnerability.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-707 - Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    Zephyr Project Manager Affected: 3.2.0
    Affected: 3.2.1
    Affected: 3.2.2
    Affected: 3.2.3
    Affected: 3.2.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:07:06.457Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/bfd8a7aa-5977-4fe5-b2fc-12bf93caf3ed"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.209370"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3333",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T16:59:51.951219Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-15T13:46:47.321Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Project Manager",
              "vendor": "Zephyr",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.2.0"
                },
                {
                  "status": "affected",
                  "version": "3.2.1"
                },
                {
                  "status": "affected",
                  "version": "3.2.2"
                },
                {
                  "status": "affected",
                  "version": "3.2.3"
                },
                {
                  "status": "affected",
                  "version": "3.2.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as problematic, was found in Zephyr Project Manager up to 3.2.4. Affected is an unknown function of the file /v1/tasks/create/ of the component REST Call Handler. The manipulation of the argument onanimationstart leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 3.2.5 is able to address this issue. It is recommended to upgrade the affected component. VDB-209370 is the identifier assigned to this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-707",
                  "description": "CWE-707 Improper Neutralization -\u003e CWE-74 Injection -\u003e CWE-79 Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-28T04:35:12.000Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/bfd8a7aa-5977-4fe5-b2fc-12bf93caf3ed"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://vuldb.com/?id.209370"
            }
          ],
          "title": "Zephyr Project Manager REST Call cross site scripting",
          "x_generator": "vuldb.com",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@vuldb.com",
              "ID": "CVE-2022-3333",
              "REQUESTER": "cna@vuldb.com",
              "STATE": "PUBLIC",
              "TITLE": "Zephyr Project Manager REST Call cross site scripting"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Project Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.2.0"
                              },
                              {
                                "version_value": "3.2.1"
                              },
                              {
                                "version_value": "3.2.2"
                              },
                              {
                                "version_value": "3.2.3"
                              },
                              {
                                "version_value": "3.2.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zephyr"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability, which was classified as problematic, was found in Zephyr Project Manager up to 3.2.4. Affected is an unknown function of the file /v1/tasks/create/ of the component REST Call Handler. The manipulation of the argument onanimationstart leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 3.2.5 is able to address this issue. It is recommended to upgrade the affected component. VDB-209370 is the identifier assigned to this vulnerability."
                }
              ]
            },
            "generator": "vuldb.com",
            "impact": {
              "cvss": {
                "baseScore": "3.5",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-707 Improper Neutralization -\u003e CWE-74 Injection -\u003e CWE-79 Cross Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/bfd8a7aa-5977-4fe5-b2fc-12bf93caf3ed",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/bfd8a7aa-5977-4fe5-b2fc-12bf93caf3ed"
                },
                {
                  "name": "https://vuldb.com/?id.209370",
                  "refsource": "MISC",
                  "url": "https://vuldb.com/?id.209370"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2022-3333",
        "datePublished": "2022-09-28T04:35:12.000Z",
        "dateReserved": "2022-09-27T00:00:00.000Z",
        "dateUpdated": "2025-04-15T13:46:47.321Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14202 (GCVE-0-2017-14202)

    Vulnerability from nvd – Published: 2019-08-29 00:44 – Updated: 2024-09-17 01:16
    VLAI
    Title
    The shell implementation does not protect against buffer overruns resulting in unpredictable behavior.
    Summary
    Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all.
    Severity
    No CVSS data available.
    CWE
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    Impacted products
    Vendor Product Version
    Zephyr shell Affected: prior to 1.14.0
    Create a notification for this product.
    Date Public
    2019-04-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:20:41.231Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-18"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/zephyrproject-rtos/zephyr/pull/13048"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "shell",
              "vendor": "Zephyr",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 1.14.0"
                }
              ]
            }
          ],
          "datePublic": "2019-04-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-29T00:44:13.000Z",
            "orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
            "shortName": "zephyr"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-18"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/zephyrproject-rtos/zephyr/pull/13048"
            }
          ],
          "source": {
            "defect": [
              "ZEPSEC-18"
            ],
            "discovery": "USER"
          },
          "title": "The shell implementation does not protect against buffer overruns resulting in unpredictable behavior.",
          "x_generator": {
            "engine": "Vulnogram 0.0.7"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerabilities@zephyrproject.org",
              "DATE_PUBLIC": "2019-04-19T00:00:00.000Z",
              "ID": "CVE-2017-14202",
              "STATE": "PUBLIC",
              "TITLE": "The shell implementation does not protect against buffer overruns resulting in unpredictable behavior."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "shell",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to 1.14.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zephyr"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.7"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html",
                  "refsource": "MISC",
                  "url": "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html"
                },
                {
                  "name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-18",
                  "refsource": "MISC",
                  "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-18"
                },
                {
                  "name": "https://github.com/zephyrproject-rtos/zephyr/pull/13048",
                  "refsource": "MISC",
                  "url": "https://github.com/zephyrproject-rtos/zephyr/pull/13048"
                }
              ]
            },
            "source": {
              "defect": [
                "ZEPSEC-18"
              ],
              "discovery": "USER"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
        "assignerShortName": "zephyr",
        "cveId": "CVE-2017-14202",
        "datePublished": "2019-08-29T00:44:13.046Z",
        "dateReserved": "2017-09-07T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:16:38.814Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14201 (GCVE-0-2017-14201)

    Vulnerability from nvd – Published: 2019-08-29 00:44 – Updated: 2024-09-17 00:46
    VLAI
    Title
    The shell DNS command can cause unpredictable results due to misuse of stack variables.
    Summary
    Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Zephyr shell Affected: prior to 1.14.0
    Create a notification for this product.
    Date Public
    2019-04-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:20:41.236Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-17"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/zephyrproject-rtos/zephyr/pull/13260"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "shell",
              "vendor": "Zephyr",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 1.14.0"
                }
              ]
            }
          ],
          "datePublic": "2019-04-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-29T00:44:16.000Z",
            "orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
            "shortName": "zephyr"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-17"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/zephyrproject-rtos/zephyr/pull/13260"
            }
          ],
          "source": {
            "defect": [
              "ZEPSEC-17"
            ],
            "discovery": "USER"
          },
          "title": "The shell DNS command can cause unpredictable results due to misuse of stack variables.",
          "x_generator": {
            "engine": "Vulnogram 0.0.7"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerabilities@zephyrproject.org",
              "DATE_PUBLIC": "2019-04-19T00:00:00.000Z",
              "ID": "CVE-2017-14201",
              "STATE": "PUBLIC",
              "TITLE": "The shell DNS command can cause unpredictable results due to misuse of stack variables."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "shell",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to 1.14.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zephyr"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.7"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-416 Use After Free"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-17",
                  "refsource": "MISC",
                  "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-17"
                },
                {
                  "name": "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html",
                  "refsource": "MISC",
                  "url": "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html"
                },
                {
                  "name": "https://github.com/zephyrproject-rtos/zephyr/pull/13260",
                  "refsource": "MISC",
                  "url": "https://github.com/zephyrproject-rtos/zephyr/pull/13260"
                }
              ]
            },
            "source": {
              "defect": [
                "ZEPSEC-17"
              ],
              "discovery": "USER"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
        "assignerShortName": "zephyr",
        "cveId": "CVE-2017-14201",
        "datePublished": "2019-08-29T00:44:16.325Z",
        "dateReserved": "2017-09-07T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:46:36.051Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14199 (GCVE-0-2017-14199)

    Vulnerability from nvd – Published: 2019-04-12 16:20 – Updated: 2024-08-05 19:20
    VLAI
    Summary
    A buffer overflow has been found in the Zephyr Project's getaddrinfo() implementation in 1.9.0 and 1.10.0.
    Severity
    No CVSS data available.
    CWE
    • Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Zephyr getaddrinfo Affected: 1.9.0
    Affected: 1.10.0
    Create a notification for this product.
    Date Public
    2018-02-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:20:41.285Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-12"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/zephyrproject-rtos/zephyr/pull/6158"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "getaddrinfo",
              "vendor": "Zephyr",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.9.0"
                },
                {
                  "status": "affected",
                  "version": "1.10.0"
                }
              ]
            }
          ],
          "datePublic": "2018-02-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A buffer overflow has been found in the Zephyr Project\u0027s getaddrinfo() implementation in 1.9.0 and 1.10.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-12T16:20:02.000Z",
            "orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
            "shortName": "zephyr"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-12"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/zephyrproject-rtos/zephyr/pull/6158"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerabilities@zephyrproject.org",
              "ID": "CVE-2017-14199",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "getaddrinfo",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.9.0"
                              },
                              {
                                "version_value": "1.10.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zephyr"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A buffer overflow has been found in the Zephyr Project\u0027s getaddrinfo() implementation in 1.9.0 and 1.10.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-12",
                  "refsource": "CONFIRM",
                  "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-12"
                },
                {
                  "name": "https://github.com/zephyrproject-rtos/zephyr/pull/6158",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/zephyrproject-rtos/zephyr/pull/6158"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
        "assignerShortName": "zephyr",
        "cveId": "CVE-2017-14199",
        "datePublished": "2019-04-12T16:20:02.000Z",
        "dateReserved": "2017-09-07T00:00:00.000Z",
        "dateUpdated": "2024-08-05T19:20:41.285Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3333 (GCVE-0-2022-3333)

    Vulnerability from cvelistv5 – Published: 2022-09-28 04:35 – Updated: 2025-04-15 13:46
    VLAI
    Title
    Zephyr Project Manager REST Call cross site scripting
    Summary
    A vulnerability, which was classified as problematic, was found in Zephyr Project Manager up to 3.2.4. Affected is an unknown function of the file /v1/tasks/create/ of the component REST Call Handler. The manipulation of the argument onanimationstart leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 3.2.5 is able to address this issue. It is recommended to upgrade the affected component. VDB-209370 is the identifier assigned to this vulnerability.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-707 - Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    Zephyr Project Manager Affected: 3.2.0
    Affected: 3.2.1
    Affected: 3.2.2
    Affected: 3.2.3
    Affected: 3.2.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:07:06.457Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/bfd8a7aa-5977-4fe5-b2fc-12bf93caf3ed"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.209370"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3333",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T16:59:51.951219Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-15T13:46:47.321Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Project Manager",
              "vendor": "Zephyr",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.2.0"
                },
                {
                  "status": "affected",
                  "version": "3.2.1"
                },
                {
                  "status": "affected",
                  "version": "3.2.2"
                },
                {
                  "status": "affected",
                  "version": "3.2.3"
                },
                {
                  "status": "affected",
                  "version": "3.2.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as problematic, was found in Zephyr Project Manager up to 3.2.4. Affected is an unknown function of the file /v1/tasks/create/ of the component REST Call Handler. The manipulation of the argument onanimationstart leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 3.2.5 is able to address this issue. It is recommended to upgrade the affected component. VDB-209370 is the identifier assigned to this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-707",
                  "description": "CWE-707 Improper Neutralization -\u003e CWE-74 Injection -\u003e CWE-79 Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-28T04:35:12.000Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/bfd8a7aa-5977-4fe5-b2fc-12bf93caf3ed"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://vuldb.com/?id.209370"
            }
          ],
          "title": "Zephyr Project Manager REST Call cross site scripting",
          "x_generator": "vuldb.com",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@vuldb.com",
              "ID": "CVE-2022-3333",
              "REQUESTER": "cna@vuldb.com",
              "STATE": "PUBLIC",
              "TITLE": "Zephyr Project Manager REST Call cross site scripting"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Project Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.2.0"
                              },
                              {
                                "version_value": "3.2.1"
                              },
                              {
                                "version_value": "3.2.2"
                              },
                              {
                                "version_value": "3.2.3"
                              },
                              {
                                "version_value": "3.2.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zephyr"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability, which was classified as problematic, was found in Zephyr Project Manager up to 3.2.4. Affected is an unknown function of the file /v1/tasks/create/ of the component REST Call Handler. The manipulation of the argument onanimationstart leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 3.2.5 is able to address this issue. It is recommended to upgrade the affected component. VDB-209370 is the identifier assigned to this vulnerability."
                }
              ]
            },
            "generator": "vuldb.com",
            "impact": {
              "cvss": {
                "baseScore": "3.5",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-707 Improper Neutralization -\u003e CWE-74 Injection -\u003e CWE-79 Cross Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/bfd8a7aa-5977-4fe5-b2fc-12bf93caf3ed",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/bfd8a7aa-5977-4fe5-b2fc-12bf93caf3ed"
                },
                {
                  "name": "https://vuldb.com/?id.209370",
                  "refsource": "MISC",
                  "url": "https://vuldb.com/?id.209370"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2022-3333",
        "datePublished": "2022-09-28T04:35:12.000Z",
        "dateReserved": "2022-09-27T00:00:00.000Z",
        "dateUpdated": "2025-04-15T13:46:47.321Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14201 (GCVE-0-2017-14201)

    Vulnerability from cvelistv5 – Published: 2019-08-29 00:44 – Updated: 2024-09-17 00:46
    VLAI
    Title
    The shell DNS command can cause unpredictable results due to misuse of stack variables.
    Summary
    Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Zephyr shell Affected: prior to 1.14.0
    Create a notification for this product.
    Date Public
    2019-04-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:20:41.236Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-17"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/zephyrproject-rtos/zephyr/pull/13260"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "shell",
              "vendor": "Zephyr",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 1.14.0"
                }
              ]
            }
          ],
          "datePublic": "2019-04-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-29T00:44:16.000Z",
            "orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
            "shortName": "zephyr"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-17"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/zephyrproject-rtos/zephyr/pull/13260"
            }
          ],
          "source": {
            "defect": [
              "ZEPSEC-17"
            ],
            "discovery": "USER"
          },
          "title": "The shell DNS command can cause unpredictable results due to misuse of stack variables.",
          "x_generator": {
            "engine": "Vulnogram 0.0.7"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerabilities@zephyrproject.org",
              "DATE_PUBLIC": "2019-04-19T00:00:00.000Z",
              "ID": "CVE-2017-14201",
              "STATE": "PUBLIC",
              "TITLE": "The shell DNS command can cause unpredictable results due to misuse of stack variables."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "shell",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to 1.14.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zephyr"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.7"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-416 Use After Free"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-17",
                  "refsource": "MISC",
                  "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-17"
                },
                {
                  "name": "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html",
                  "refsource": "MISC",
                  "url": "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html"
                },
                {
                  "name": "https://github.com/zephyrproject-rtos/zephyr/pull/13260",
                  "refsource": "MISC",
                  "url": "https://github.com/zephyrproject-rtos/zephyr/pull/13260"
                }
              ]
            },
            "source": {
              "defect": [
                "ZEPSEC-17"
              ],
              "discovery": "USER"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
        "assignerShortName": "zephyr",
        "cveId": "CVE-2017-14201",
        "datePublished": "2019-08-29T00:44:16.325Z",
        "dateReserved": "2017-09-07T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:46:36.051Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14202 (GCVE-0-2017-14202)

    Vulnerability from cvelistv5 – Published: 2019-08-29 00:44 – Updated: 2024-09-17 01:16
    VLAI
    Title
    The shell implementation does not protect against buffer overruns resulting in unpredictable behavior.
    Summary
    Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all.
    Severity
    No CVSS data available.
    CWE
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    Impacted products
    Vendor Product Version
    Zephyr shell Affected: prior to 1.14.0
    Create a notification for this product.
    Date Public
    2019-04-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:20:41.231Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-18"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/zephyrproject-rtos/zephyr/pull/13048"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "shell",
              "vendor": "Zephyr",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 1.14.0"
                }
              ]
            }
          ],
          "datePublic": "2019-04-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-29T00:44:13.000Z",
            "orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
            "shortName": "zephyr"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-18"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/zephyrproject-rtos/zephyr/pull/13048"
            }
          ],
          "source": {
            "defect": [
              "ZEPSEC-18"
            ],
            "discovery": "USER"
          },
          "title": "The shell implementation does not protect against buffer overruns resulting in unpredictable behavior.",
          "x_generator": {
            "engine": "Vulnogram 0.0.7"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerabilities@zephyrproject.org",
              "DATE_PUBLIC": "2019-04-19T00:00:00.000Z",
              "ID": "CVE-2017-14202",
              "STATE": "PUBLIC",
              "TITLE": "The shell implementation does not protect against buffer overruns resulting in unpredictable behavior."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "shell",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to 1.14.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zephyr"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.7"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html",
                  "refsource": "MISC",
                  "url": "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html"
                },
                {
                  "name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-18",
                  "refsource": "MISC",
                  "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-18"
                },
                {
                  "name": "https://github.com/zephyrproject-rtos/zephyr/pull/13048",
                  "refsource": "MISC",
                  "url": "https://github.com/zephyrproject-rtos/zephyr/pull/13048"
                }
              ]
            },
            "source": {
              "defect": [
                "ZEPSEC-18"
              ],
              "discovery": "USER"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
        "assignerShortName": "zephyr",
        "cveId": "CVE-2017-14202",
        "datePublished": "2019-08-29T00:44:13.046Z",
        "dateReserved": "2017-09-07T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:16:38.814Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14199 (GCVE-0-2017-14199)

    Vulnerability from cvelistv5 – Published: 2019-04-12 16:20 – Updated: 2024-08-05 19:20
    VLAI
    Summary
    A buffer overflow has been found in the Zephyr Project's getaddrinfo() implementation in 1.9.0 and 1.10.0.
    Severity
    No CVSS data available.
    CWE
    • Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Zephyr getaddrinfo Affected: 1.9.0
    Affected: 1.10.0
    Create a notification for this product.
    Date Public
    2018-02-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:20:41.285Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-12"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/zephyrproject-rtos/zephyr/pull/6158"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "getaddrinfo",
              "vendor": "Zephyr",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.9.0"
                },
                {
                  "status": "affected",
                  "version": "1.10.0"
                }
              ]
            }
          ],
          "datePublic": "2018-02-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A buffer overflow has been found in the Zephyr Project\u0027s getaddrinfo() implementation in 1.9.0 and 1.10.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-12T16:20:02.000Z",
            "orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
            "shortName": "zephyr"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-12"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/zephyrproject-rtos/zephyr/pull/6158"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerabilities@zephyrproject.org",
              "ID": "CVE-2017-14199",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "getaddrinfo",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.9.0"
                              },
                              {
                                "version_value": "1.10.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zephyr"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A buffer overflow has been found in the Zephyr Project\u0027s getaddrinfo() implementation in 1.9.0 and 1.10.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-12",
                  "refsource": "CONFIRM",
                  "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-12"
                },
                {
                  "name": "https://github.com/zephyrproject-rtos/zephyr/pull/6158",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/zephyrproject-rtos/zephyr/pull/6158"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
        "assignerShortName": "zephyr",
        "cveId": "CVE-2017-14199",
        "datePublished": "2019-04-12T16:20:02.000Z",
        "dateReserved": "2017-09-07T00:00:00.000Z",
        "dateUpdated": "2024-08-05T19:20:41.285Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }