diff --git a/2020/10xxx/CVE-2020-10019.json b/2020/10xxx/CVE-2020-10019.json index 41e21be9b3a..ea14c2e6b2c 100644 --- a/2020/10xxx/CVE-2020-10019.json +++ b/2020/10xxx/CVE-2020-10019.json @@ -91,8 +91,8 @@ }, { "refsource": "MISC", - "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10019", - "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10019" + "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10019", + "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10019" }, { "refsource": "MISC", diff --git a/2020/10xxx/CVE-2020-10021.json b/2020/10xxx/CVE-2020-10021.json index 9c626d432c8..ec0a4ff6643 100644 --- a/2020/10xxx/CVE-2020-10021.json +++ b/2020/10xxx/CVE-2020-10021.json @@ -91,8 +91,8 @@ }, { "refsource": "MISC", - "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10021", - "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10021" + "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10021", + "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10021" }, { "refsource": "MISC", diff --git a/2020/10xxx/CVE-2020-10022.json b/2020/10xxx/CVE-2020-10022.json index b48e8f870a4..033f0301def 100644 --- a/2020/10xxx/CVE-2020-10022.json +++ b/2020/10xxx/CVE-2020-10022.json @@ -91,8 +91,8 @@ }, { "refsource": "MISC", - "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10022", - "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10022" + "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10022", + "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10022" }, { "refsource": "MISC", diff --git a/2020/10xxx/CVE-2020-10023.json b/2020/10xxx/CVE-2020-10023.json index b941d8b71ea..e201c6c73d2 100644 --- a/2020/10xxx/CVE-2020-10023.json +++ b/2020/10xxx/CVE-2020-10023.json @@ -91,8 +91,8 @@ }, { "refsource": "MISC", - "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10023", - "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10023" + "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10023", + "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10023" }, { "refsource": "MISC", diff --git a/2020/10xxx/CVE-2020-10024.json b/2020/10xxx/CVE-2020-10024.json index ab84d5b9e26..a0ac9915358 100644 --- a/2020/10xxx/CVE-2020-10024.json +++ b/2020/10xxx/CVE-2020-10024.json @@ -91,8 +91,8 @@ }, { "refsource": "MISC", - "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10024", - "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10024" + "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024", + "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024" }, { "refsource": "MISC", diff --git a/2020/10xxx/CVE-2020-10027.json b/2020/10xxx/CVE-2020-10027.json index d345c072146..f1d8c2d7a3c 100644 --- a/2020/10xxx/CVE-2020-10027.json +++ b/2020/10xxx/CVE-2020-10027.json @@ -91,8 +91,8 @@ }, { "refsource": "MISC", - "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10027", - "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10027" + "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10027", + "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10027" }, { "refsource": "MISC", diff --git a/2020/10xxx/CVE-2020-10028.json b/2020/10xxx/CVE-2020-10028.json index a6a440586e4..745390c8a93 100644 --- a/2020/10xxx/CVE-2020-10028.json +++ b/2020/10xxx/CVE-2020-10028.json @@ -91,8 +91,8 @@ }, { "refsource": "MISC", - "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10028", - "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10028" + "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10028", + "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10028" }, { "refsource": "MISC", diff --git a/2020/10xxx/CVE-2020-10058.json b/2020/10xxx/CVE-2020-10058.json index b883eab2c95..62718b7c130 100644 --- a/2020/10xxx/CVE-2020-10058.json +++ b/2020/10xxx/CVE-2020-10058.json @@ -92,8 +92,8 @@ }, { "refsource": "MISC", - "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10058", - "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10058" + "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10058", + "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10058" }, { "refsource": "MISC", diff --git a/2020/10xxx/CVE-2020-10059.json b/2020/10xxx/CVE-2020-10059.json index be6bd2a29af..0f3a9390978 100644 --- a/2020/10xxx/CVE-2020-10059.json +++ b/2020/10xxx/CVE-2020-10059.json @@ -87,8 +87,8 @@ }, { "refsource": "MISC", - "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10059", - "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10059" + "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059", + "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059" }, { "refsource": "MISC", diff --git a/2020/10xxx/CVE-2020-10060.json b/2020/10xxx/CVE-2020-10060.json index 22753daec29..54c9360dfc7 100644 --- a/2020/10xxx/CVE-2020-10060.json +++ b/2020/10xxx/CVE-2020-10060.json @@ -91,8 +91,8 @@ }, { "refsource": "MISC", - "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10060", - "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10060" + "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10060", + "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10060" } ] }, diff --git a/2020/10xxx/CVE-2020-10061.json b/2020/10xxx/CVE-2020-10061.json index 461bbe31803..aa99880a17b 100644 --- a/2020/10xxx/CVE-2020-10061.json +++ b/2020/10xxx/CVE-2020-10061.json @@ -1,18 +1,119 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "vulnerabilities@zephyrproject.org", + "DATE_PUBLIC": "2020-05-14T00:00:00.000Z", "ID": "CVE-2020-10061", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Error handling invalid packet sequence" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "zephyr", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "2.2.0" + }, + { + "version_affected": ">=", + "version_value": "1.14.0" + } + ] + } + } + ] + }, + "vendor_name": "zephyrproject-rtos" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "PhD - Garbelini Matheus Eduardo" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption.\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 2.2.0 and later versions, and version 1.14.0 and later versions." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-75" + }, + { + "refsource": "CONFIRM", + "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10061" + }, + { + "refsource": "CONFIRM", + "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23516" + }, + { + "refsource": "CONFIRM", + "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23517" + }, + { + "refsource": "CONFIRM", + "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23547" + }, + { + "refsource": "CONFIRM", + "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23091" + } + ] + }, + "source": { + "defect": [ + "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-75" + ], + "discovery": "EXTERNAL" } -} \ No newline at end of file +} diff --git a/2020/10xxx/CVE-2020-10062.json b/2020/10xxx/CVE-2020-10062.json index 043518c751c..96e62ccff04 100644 --- a/2020/10xxx/CVE-2020-10062.json +++ b/2020/10xxx/CVE-2020-10062.json @@ -1,18 +1,107 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "vulnerabilities@zephyrproject.org", + "DATE_PUBLIC": "2020-05-25T00:00:00.000Z", "ID": "CVE-2020-10062", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Packet length decoding error in MQTT" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "zephyr", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "2.2.0" + } + ] + } + } + ] + }, + "vendor_name": "zephyrproject-rtos" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "NCC Group for report" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 2.2.0 and later versions." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-193 Off-by-one Error" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-84" + }, + { + "refsource": "CONFIRM", + "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10062" + }, + { + "refsource": "CONFIRM", + "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/11b7a37d9a0b438270421b224221d91929843de4" + }, + { + "refsource": "CONFIRM", + "url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment" + } + ] + }, + "source": { + "defect": [ + "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-84" + ], + "discovery": "EXTERNAL" } -} \ No newline at end of file +} diff --git a/2020/10xxx/CVE-2020-10063.json b/2020/10xxx/CVE-2020-10063.json index 88d904cee54..811375cdc22 100644 --- a/2020/10xxx/CVE-2020-10063.json +++ b/2020/10xxx/CVE-2020-10063.json @@ -1,18 +1,123 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "vulnerabilities@zephyrproject.org", + "DATE_PUBLIC": "2020-05-25T00:00:00.000Z", "ID": "CVE-2020-10063", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Remote Denial of Service in CoAP Option Parsing Due To Integer Overflow" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "zephyr", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "2.2.0" + }, + { + "version_affected": ">=", + "version_value": "2.1.0" + }, + { + "version_affected": ">=", + "version_value": "1.14.0" + } + ] + } + } + ] + }, + "vendor_name": "zephyrproject-rtos" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "NCC Group for report" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service.\n\n\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 2.2.0 and later versions." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190 Integer Overflow or Wraparound" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-55" + }, + { + "refsource": "CONFIRM", + "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10063" + }, + { + "refsource": "CONFIRM", + "url": "https://github.com/zephyrproject-rtos/zephyr/pull/24435" + }, + { + "refsource": "CONFIRM", + "url": "https://github.com/zephyrproject-rtos/zephyr/pull/24531" + }, + { + "refsource": "CONFIRM", + "url": "https://github.com/zephyrproject-rtos/zephyr/pull/24535" + }, + { + "refsource": "CONFIRM", + "url": "https://github.com/zephyrproject-rtos/zephyr/pull/24530" + } + ] + }, + "source": { + "defect": [ + "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-55" + ], + "discovery": "EXTERNAL" } -} \ No newline at end of file +} diff --git a/2020/10xxx/CVE-2020-10067.json b/2020/10xxx/CVE-2020-10067.json index 6b40fe7fab3..e69d472e520 100644 --- a/2020/10xxx/CVE-2020-10067.json +++ b/2020/10xxx/CVE-2020-10067.json @@ -91,8 +91,8 @@ }, { "refsource": "MISC", - "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10067", - "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10067" + "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067", + "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067" }, { "refsource": "MISC", diff --git a/2020/10xxx/CVE-2020-10068.json b/2020/10xxx/CVE-2020-10068.json index 9d95c7c35ba..aa147ce416d 100644 --- a/2020/10xxx/CVE-2020-10068.json +++ b/2020/10xxx/CVE-2020-10068.json @@ -1,18 +1,119 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "vulnerabilities@zephyrproject.org", + "DATE_PUBLIC": "2020-05-25T00:00:00.000Z", "ID": "CVE-2020-10068", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Zephyr Bluetooth DLE duplicate requests vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "zephyr", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "2.2.0" + }, + { + "version_affected": ">=", + "version_value": "1.14.0" + } + ] + } + } + ] + }, + "vendor_name": "zephyrproject-rtos" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "PhD - Garbelini Matheus Eduardo" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service.\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 2.2.0 and later versions, and version 1.14.0 and later versions." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-78" + }, + { + "refsource": "CONFIRM", + "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10068" + }, + { + "refsource": "CONFIRM", + "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23707" + }, + { + "refsource": "CONFIRM", + "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23708" + }, + { + "refsource": "CONFIRM", + "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23964" + }, + { + "refsource": "CONFIRM", + "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23091" + } + ] + }, + "source": { + "defect": [ + "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-78" + ], + "discovery": "EXTERNAL" } -} \ No newline at end of file +} diff --git a/2020/10xxx/CVE-2020-10070.json b/2020/10xxx/CVE-2020-10070.json index 531aefe44d8..b9cf8ca5d47 100644 --- a/2020/10xxx/CVE-2020-10070.json +++ b/2020/10xxx/CVE-2020-10070.json @@ -1,18 +1,115 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "vulnerabilities@zephyrproject.org", + "DATE_PUBLIC": "2020-05-25T00:00:00.000Z", "ID": "CVE-2020-10070", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "MQTT buffer overflow on receive buffer" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "zephyr", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "2.2.0" + } + ] + } + } + ] + }, + "vendor_name": "zephyrproject-rtos" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "NCC Group for report" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 2.2.0 and later versions." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120 Buffer Overflow" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-190 Integer Overflow or Wraparound" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85" + }, + { + "refsource": "CONFIRM", + "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10070" + }, + { + "refsource": "CONFIRM", + "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/0b39cbf3c01d7feec9d0dd7cc7e0e374b6113542" + }, + { + "refsource": "CONFIRM", + "url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment" + } + ] + }, + "source": { + "defect": [ + "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85" + ], + "discovery": "EXTERNAL" } -} \ No newline at end of file +} diff --git a/2020/10xxx/CVE-2020-10071.json b/2020/10xxx/CVE-2020-10071.json index 6af51b86470..35c1a91a5aa 100644 --- a/2020/10xxx/CVE-2020-10071.json +++ b/2020/10xxx/CVE-2020-10071.json @@ -1,18 +1,115 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "vulnerabilities@zephyrproject.org", + "DATE_PUBLIC": "2020-05-25T00:00:00.000Z", "ID": "CVE-2020-10071", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Insufficient publish message length validation in MQTT" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "zephyr", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "2.2.0" + } + ] + } + } + ] + }, + "vendor_name": "zephyrproject-rtos" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "NCC Group for report" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 2.2.0 and later versions." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120 Buffer Overflow" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-129 Improper Validation of Array Index" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-86" + }, + { + "refsource": "CONFIRM", + "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10071" + }, + { + "refsource": "CONFIRM", + "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/989c4713ba429aa5105fe476b4d629718f3e6082" + }, + { + "refsource": "CONFIRM", + "url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment" + } + ] + }, + "source": { + "defect": [ + "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-86" + ], + "discovery": "EXTERNAL" } -} \ No newline at end of file +}