admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#3810

Browse Source 
Auto-merge PR#3810
This commit is contained in:
CVE Team 2020-05-11 18:26:22 -04:00 committed by GitHub
commit 6e24528a3b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 1131 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
2017/14xxx/CVE-2017-14200.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14200",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,8 +11,8 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** Unused CVE for 2017."
}
]
}
}
}

111
2020/10xxx/CVE-2020-10019.json
View File

@ -1,18 +1,115 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10019",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Buffer Overflow in USB DFU requested length"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "1.14.1"
},
{
"version_affected": ">=",
"version_value": "2.1.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. This could be used by a malicious USB host to exploit the buffer overflow.\n\nSee NCC-ZEP-002\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 1.14.1 and later versions.\nversion 2.1.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-25"
},
{
"refsource": "CONFIRM",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10019"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23190"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23457"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23460"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-25"
],
"discovery": "EXTERNAL"
}
}
}

111
2020/10xxx/CVE-2020-10021.json
View File

@ -1,18 +1,115 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10021",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Out-of-bounds write in USB Mass Storage with unaligned sizes"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "1.14.1"
},
{
"version_affected": ">=",
"version_value": "2.1.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes\n\nSee NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 1.14.1 and later versions.\nversion 2.1.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-26"
},
{
"refsource": "CONFIRM",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10021"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23240"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23455"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23456"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-26"
],
"discovery": "EXTERNAL"
}
}
}

111
2020/10xxx/CVE-2020-10022.json
View File

@ -1,18 +1,115 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10022",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "UpdateHub Module Copies a Variable-Size Hash String Into a Fixed-Size Array"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "2.1.0"
},
{
"version_affected": ">=",
"version_value": "2.2.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case.\n\nSee NCC-NCC-016\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 2.1.0 and later versions.\nversion 2.2.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-28"
},
{
"refsource": "CONFIRM",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10022"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24154"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24065"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24066"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-28"
],
"discovery": "EXTERNAL"
}
}
}

111
2020/10xxx/CVE-2020-10023.json
View File

@ -1,18 +1,115 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10023",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Shell Subsystem Contains a Buffer Overflow Vulnerability In shell_spaces_trim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "1.14.0"
},
{
"version_affected": ">=",
"version_value": "2.1.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel.\n\nSee NCC-NCC-019\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 1.14.0 and later versions.\nversion 2.1.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-29"
},
{
"refsource": "CONFIRM",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10023"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23304"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23646"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23649"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-29"
],
"discovery": "EXTERNAL"
}
}
}

111
2020/10xxx/CVE-2020-10024.json
View File

@ -1,18 +1,115 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10024",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "ARM Platform Uses Signed Integer Comparison When Validating Syscall Numbers"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "1.14.0"
},
{
"version_affected": ">=",
"version_value": "2.1.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel.\n\nSee NCC-ZEP-001\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 1.14.0 and later versions.\nversion 2.1.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-697 Incorrect Comparison"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30"
},
{
"refsource": "CONFIRM",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10024"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23323"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23535"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23498"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30"
],
"discovery": "EXTERNAL"
}
}
}

8
2020/10xxx/CVE-2020-10025.json
View File

@ -4,15 +4,15 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10025",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-10067. Reason: This candidate is a reservation duplicate of CVE-2020-10067. Notes: All CVE users should reference CVE-2020-10067 instead of this candidate."
}
]
}
}
}

8
2020/10xxx/CVE-2020-10026.json
View File

@ -4,15 +4,15 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10026",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-10021. Reason: This candidate is a reservation duplicate of CVE-2020-10021. Notes: All CVE users should reference CVE-2020-10021 instead of this candidate."
}
]
}
}
}

111
2020/10xxx/CVE-2020-10027.json
View File

@ -1,18 +1,115 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10027",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "ARC Platform Uses Signed Integer Comparison When Validating Syscall Numbers"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "1.14.0"
},
{
"version_affected": ">=",
"version_value": "2.1.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel.\n\nSee NCC-ZEP-001\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 1.14.0 and later versions.\nversion 2.1.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-697 Incorrect Comparison"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-35"
},
{
"refsource": "CONFIRM",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10027"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23328"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23500"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23499"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-35"
],
"discovery": "EXTERNAL"
}
}
}

111
2020/10xxx/CVE-2020-10028.json
View File

@ -1,18 +1,115 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10028",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Multiple Syscalls In GPIO Subsystem Performs No Argument Validation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "1.14.0"
},
{
"version_affected": ">=",
"version_value": "2.1.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple syscalls with insufficient argument validation\n\nSee NCC-ZEP-006\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 1.14.0 and later versions.\nversion 2.1.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-32"
},
{
"refsource": "CONFIRM",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10028"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23308"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23733"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23737"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-32"
],
"discovery": "EXTERNAL"
}
}
}

103
2020/10xxx/CVE-2020-10058.json
View File

@ -1,18 +1,107 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10058",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Multiple Syscalls In kscan Subsystem Performs No Argument Validation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "2.1.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges.\n\nSee NCC-ZEP-006\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 2.1.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-34"
},
{
"refsource": "CONFIRM",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10058"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23308"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23748"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-34"
],
"discovery": "EXTERNAL"
}
}
}

107
2020/10xxx/CVE-2020-10059.json
View File

@ -1,18 +1,111 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10059",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "UpdateHub Module Explicitly Disables TLS Verification"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "2.1.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking.\n\nSee NCC-ZEP-018\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 2.1.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36"
},
{
"refsource": "CONFIRM",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10059"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24954"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24999"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24997"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36"
],
"discovery": "EXTERNAL"
}
}
}

99
2020/10xxx/CVE-2020-10060.json
View File

@ -1,18 +1,103 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10060",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "UpdateHub Might Dereference An Uninitialized Pointer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "2.1.0"
},
{
"version_affected": ">=",
"version_value": "2.2.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In updatehub_probe, right after JSON parsing is complete, objects\\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak.\n\nRecommend disabling updatehub until such a time as a fix can be made available. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server.\n\nSee NCC-ZEP-030\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 2.1.0 and later versions.\nversion 2.2.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-37"
},
{
"refsource": "CONFIRM",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10060"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-37"
],
"discovery": "EXTERNAL"
}
}
}

111
2020/10xxx/CVE-2020-10067.json
View File

@ -1,18 +1,115 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10067",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Integer Overflow In is_in_region Allows User Thread To Access Kernel Memory"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "1.14.1"
},
{
"version_affected": ">=",
"version_value": "2.1.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A malicious userspace application can cause a integer overflow and bypass security checks performed by\nsystem call handlers. The impact would depend on the underlying system call and can range\nfrom denial of service to information leak to memory corruption resulting in code execution\nwithin the kernel.\n\nSee NCC-ZEP-005\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 1.14.1 and later versions.\nversion 2.1.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-27"
},
{
"refsource": "CONFIRM",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10067"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23239"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23653"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23654"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-27"
],
"discovery": "EXTERNAL"
}
}
}