### [CVE-2024-6443](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6443)
![](https://img.shields.io/static/v1?label=Product&message=Zephyr&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=*%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Out-of-bounds%20Read&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Out-of-bounds%20Write&color=brightgreen)

### Description

In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty.

### POC

#### Reference
- https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gg46-3rh2-v765

#### Github
No PoCs found on GitHub currently.