admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

Publish Zephyr CVEs that have left embargo

Browse Source
This commit is contained in:
David Brown 2021-05-24 15:35:49 -06:00
parent 1d6da568b1
commit 3d09f41e63
12 changed files with 912 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
2020/10xxx/CVE-2020-10064.json
View File

@ -4,15 +4,95 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10064",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-06-29T00:00:00.000Z",
"STATE": "PUBLIC",
"TITLE": "Improper Input Frame Validation in ieee802154 Processing"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zephyrproject-rtos",
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "v1.14.2"
},
{
"version_affected": ">=",
"version_value": "v2.2.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Input Frame Validation in ieee802154 Processing. Zephyr versions >= v1.14.2, >= v2.2.0 contain Stack-based Buffer Overflow (CWE-121), Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7"
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"environmentalScore": 8.3,
"temporalScore": 8.3,
"baseSeverity": "HIGH"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow (CWE-121)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7"
]
}
}

78
2020/10xxx/CVE-2020-10065.json
View File

@ -4,15 +4,87 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10065",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-06-29T00:00:00.000Z",
"STATE": "PUBLIC",
"TITLE": "Missing Size Checks in Bluetooth HCI over SPI"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zephyrproject-rtos",
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "v1.14.2"
},
{
"version_affected": ">=",
"version_value": "v2.2.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c"
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "PHYSICAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"environmentalScore": 3.8,
"temporalScore": 3.8,
"baseSeverity": "LOW"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Handling of Length Parameter Inconsistency (CWE-130)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c"
]
}
}

78
2020/10xxx/CVE-2020-10066.json
View File

@ -4,15 +4,87 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10066",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-06-29T00:00:00.000Z",
"STATE": "PUBLIC",
"TITLE": "Incorrect Error Handling in Bluetooth HCI core"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zephyrproject-rtos",
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "v1.14.2"
},
{
"version_affected": ">=",
"version_value": "v2.2.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect Error Handling in Bluetooth HCI core. Zephyr versions >= v1.14.2, >= v2.2.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr"
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 2.5,
"environmentalScore": 2.5,
"temporalScore": 2.5,
"baseSeverity": "LOW"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference (CWE-476)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr"
]
}
}

78
2020/10xxx/CVE-2020-10069.json
View File

@ -4,15 +4,87 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10069",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-25T00:00:00.000Z",
"STATE": "PUBLIC",
"TITLE": "Zephyr Bluetooth unchecked packet data results in denial of service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zephyrproject-rtos",
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "v1.14.2"
},
{
"version_affected": ">=",
"version_value": "v2.2.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Parameters (CWE-233). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp"
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"environmentalScore": 4.3,
"temporalScore": 4.3,
"baseSeverity": "MEDIUM"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Handling of Parameters (CWE-233)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp"
]
}
}

78
2020/10xxx/CVE-2020-10072.json
View File

@ -4,15 +4,87 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10072",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-08-28T00:00:00.000Z",
"STATE": "PUBLIC",
"TITLE": "Improper Handling of Insufficient Permissions or Privileges in zephyr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zephyrproject-rtos",
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "v1.14.2"
},
{
"version_affected": ">=",
"version_value": "v2.2.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Handling of Insufficient Permissions or Privileges in zephyr. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Insufficient Permissions or Privileges (CWE-280). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc"
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"environmentalScore": 5.9,
"temporalScore": 5.9,
"baseSeverity": "MEDIUM"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Handling of Insufficient Permissions or Privileges (CWE-280)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc"
]
}
}

78
2020/13xxx/CVE-2020-13598.json
View File

@ -4,15 +4,87 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13598",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-09-04T00:00:00.000Z",
"STATE": "PUBLIC",
"TITLE": "FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zephyrproject-rtos",
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "v1.14.2"
},
{
"version_affected": ">=",
"version_value": "v2.3.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions >= v1.14.2, >= v2.3.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h"
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"environmentalScore": 6.3,
"temporalScore": 6.3,
"baseSeverity": "MEDIUM"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow (CWE-121)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h"
]
}
}

78
2020/13xxx/CVE-2020-13599.json
View File

@ -4,15 +4,87 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13599",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-06-25T00:00:00.000Z",
"STATE": "PUBLIC",
"TITLE": "Security problem with settings and littlefs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zephyrproject-rtos",
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "1.14.2"
},
{
"version_affected": ">=",
"version_value": "2.3.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Security problem with settings and littlefs. Zephyr versions >= 1.14.2, >= 2.3.0 contain Incorrect Default Permissions (CWE-276). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q"
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"environmentalScore": 3.3,
"temporalScore": 3.3,
"baseSeverity": "LOW"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Default Permissions (CWE-276)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q"
]
}
}

78
2020/13xxx/CVE-2020-13600.json
View File

@ -4,15 +4,87 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13600",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-10-07T00:00:00.000Z",
"STATE": "PUBLIC",
"TITLE": "Malformed SPI in response for eswifi can corrupt kernel memory"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zephyrproject-rtos",
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "1.14.2"
},
{
"version_affected": ">=",
"version_value": "2.3.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr versions >= 1.14.2, >= 2.3.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr"
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"environmentalScore": 7.1,
"temporalScore": 7.0,
"baseSeverity": "HIGH"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr"
]
}
}

78
2020/13xxx/CVE-2020-13601.json
View File

@ -4,15 +4,87 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13601",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-11-18T00:00:00.000Z",
"STATE": "PUBLIC",
"TITLE": "Possible read out of bounds in dns read"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zephyrproject-rtos",
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "1.14.2"
},
{
"version_affected": ">=",
"version_value": "2.3.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Possible read out of bounds in dns read. Zephyr versions >= 1.14.2, >= 2.3.0 contain Out-of-bounds Read (CWE-125). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44"
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"environmentalScore": 9.1,
"temporalScore": 9.0,
"baseSeverity": "CRITICAL"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read (CWE-125)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44"
]
}
}

86
2020/13xxx/CVE-2020-13602.json
View File

@ -4,15 +4,95 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13602",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-06-25T00:00:00.000Z",
"STATE": "PUBLIC",
"TITLE": "Remote Denial of Service in LwM2M do_write_op_tlv"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zephyrproject-rtos",
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "1.14.2"
},
{
"version_affected": ">=",
"version_value": "2.2.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions >= 1.14.2, >= 2.2.0 contain Improper Input Validation (CWE-20), Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh"
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"environmentalScore": 4.0,
"temporalScore": 4.0,
"baseSeverity": "MEDIUM"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation (CWE-20)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh"
]
}
}

78
2020/13xxx/CVE-2020-13603.json
View File

@ -4,15 +4,87 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13603",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-03-23T00:00:00.000Z",
"STATE": "PUBLIC",
"TITLE": "Integer Overflow in memory allocating functions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zephyrproject-rtos",
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "1.14.2"
},
{
"version_affected": ">=",
"version_value": "2.4.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Integer Overflow in memory allocating functions. Zephyr versions >= 1.14.2, >= 2.4.0 contain Integer Overflow or Wraparound (CWE-190). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45"
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.9,
"environmentalScore": 7.0,
"temporalScore": 6.9,
"baseSeverity": "MEDIUM"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer Overflow or Wraparound (CWE-190)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45"
]
}
}

74
2021/3xxx/CVE-2021-3320.json
View File

@ -4,15 +4,83 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3320",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-04-14T00:00:00.000Z",
"STATE": "PUBLIC",
"TITLE": "Type Confusion in 802154 ACK Frames Handling"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zephyrproject-rtos",
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "v2.4.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7"
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"environmentalScore": 5.9,
"temporalScore": 5.9,
"baseSeverity": "MEDIUM"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference (CWE-476)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7"
]
}
}