admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#3897

Browse Source 
Auto-merge PR#3897
This commit is contained in:
CVE Team 2020-06-05 13:40:12 -04:00 committed by GitHub
commit dd9d587e96
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 654 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
2020/10xxx/CVE-2020-10019.json
View File

@ -91,8 +91,8 @@
},
{
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10019",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10019"
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10019",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10019"
},
{
"refsource": "MISC",

4
2020/10xxx/CVE-2020-10021.json
View File

@ -91,8 +91,8 @@
},
{
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10021",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10021"
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10021",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10021"
},
{
"refsource": "MISC",

4
2020/10xxx/CVE-2020-10022.json
View File

@ -91,8 +91,8 @@
},
{
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10022",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10022"
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10022",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10022"
},
{
"refsource": "MISC",

4
2020/10xxx/CVE-2020-10023.json
View File

@ -91,8 +91,8 @@
},
{
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10023",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10023"
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10023",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10023"
},
{
"refsource": "MISC",

4
2020/10xxx/CVE-2020-10024.json
View File

@ -91,8 +91,8 @@
},
{
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10024",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10024"
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024"
},
{
"refsource": "MISC",

4
2020/10xxx/CVE-2020-10027.json
View File

@ -91,8 +91,8 @@
},
{
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10027",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10027"
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10027",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10027"
},
{
"refsource": "MISC",

4
2020/10xxx/CVE-2020-10028.json
View File

@ -91,8 +91,8 @@
},
{
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10028",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10028"
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10028",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10028"
},
{
"refsource": "MISC",

4
2020/10xxx/CVE-2020-10058.json
View File

@ -92,8 +92,8 @@
},
{
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10058",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10058"
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10058",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10058"
},
{
"refsource": "MISC",

4
2020/10xxx/CVE-2020-10059.json
View File

@ -87,8 +87,8 @@
},
{
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10059",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10059"
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059"
},
{
"refsource": "MISC",

4
2020/10xxx/CVE-2020-10060.json
View File

@ -91,8 +91,8 @@
},
{
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10060",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10060"
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10060",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10060"
}
]
},

115
2020/10xxx/CVE-2020-10061.json
View File

@ -1,18 +1,119 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-14T00:00:00.000Z",
"ID": "CVE-2020-10061",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Error handling invalid packet sequence"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "2.2.0"
},
{
"version_affected": ">=",
"version_value": "1.14.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "PhD - Garbelini Matheus Eduardo"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption.\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 2.2.0 and later versions, and version 1.14.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-75"
},
{
"refsource": "CONFIRM",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10061"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23516"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23517"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23547"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23091"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-75"
],
"discovery": "EXTERNAL"
}
}
}

103
2020/10xxx/CVE-2020-10062.json
View File

@ -1,18 +1,107 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-25T00:00:00.000Z",
"ID": "CVE-2020-10062",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Packet length decoding error in MQTT"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "2.2.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 2.2.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-193 Off-by-one Error"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-84"
},
{
"refsource": "CONFIRM",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10062"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/11b7a37d9a0b438270421b224221d91929843de4"
},
{
"refsource": "CONFIRM",
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-84"
],
"discovery": "EXTERNAL"
}
}
}

119
2020/10xxx/CVE-2020-10063.json
View File

@ -1,18 +1,123 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-25T00:00:00.000Z",
"ID": "CVE-2020-10063",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Remote Denial of Service in CoAP Option Parsing Due To Integer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "2.2.0"
},
{
"version_affected": ">=",
"version_value": "2.1.0"
},
{
"version_affected": ">=",
"version_value": "1.14.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service.\n\n\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 2.2.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-55"
},
{
"refsource": "CONFIRM",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10063"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24435"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24531"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24535"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24530"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-55"
],
"discovery": "EXTERNAL"
}
}
}

4
2020/10xxx/CVE-2020-10067.json
View File

@ -91,8 +91,8 @@
},
{
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10067",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10067"
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067"
},
{
"refsource": "MISC",

115
2020/10xxx/CVE-2020-10068.json
View File

@ -1,18 +1,119 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-25T00:00:00.000Z",
"ID": "CVE-2020-10068",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Zephyr Bluetooth DLE duplicate requests vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "2.2.0"
},
{
"version_affected": ">=",
"version_value": "1.14.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "PhD - Garbelini Matheus Eduardo"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service.\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 2.2.0 and later versions, and version 1.14.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-78"
},
{
"refsource": "CONFIRM",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10068"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23707"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23708"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23964"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23091"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-78"
],
"discovery": "EXTERNAL"
}
}
}

111
2020/10xxx/CVE-2020-10070.json
View File

@ -1,18 +1,115 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-25T00:00:00.000Z",
"ID": "CVE-2020-10070",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "MQTT buffer overflow on receive buffer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "2.2.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 2.2.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85"
},
{
"refsource": "CONFIRM",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10070"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/0b39cbf3c01d7feec9d0dd7cc7e0e374b6113542"
},
{
"refsource": "CONFIRM",
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85"
],
"discovery": "EXTERNAL"
}
}
}

111
2020/10xxx/CVE-2020-10071.json
View File

@ -1,18 +1,115 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-25T00:00:00.000Z",
"ID": "CVE-2020-10071",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Insufficient publish message length validation in MQTT"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "2.2.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 2.2.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-129 Improper Validation of Array Index"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-86"
},
{
"refsource": "CONFIRM",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10071"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/989c4713ba429aa5105fe476b4d629718f3e6082"
},
{
"refsource": "CONFIRM",
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-86"
],
"discovery": "EXTERNAL"
}
}
}