From 7a6b1b459598b2b884063c0541b756f60985ba73 Mon Sep 17 00:00:00 2001
From: David Brown
Date: Tue, 26 May 2020 10:46:15 -0600
Subject: [PATCH 1/7] Fix case in Zephyr vulnerability notes

The Zephyr documentation makes these links lowercase. This fixes the links so that clicking on them will go directly to the desired vulnerability, instead of the top of the document.
---
 2020/10xxx/CVE-2020-10019.json | 4 ++--
 2020/10xxx/CVE-2020-10021.json | 4 ++--
 2020/10xxx/CVE-2020-10022.json | 4 ++--
 2020/10xxx/CVE-2020-10023.json | 4 ++--
 2020/10xxx/CVE-2020-10024.json | 4 ++--
 2020/10xxx/CVE-2020-10027.json | 4 ++--
 2020/10xxx/CVE-2020-10028.json | 4 ++--
 2020/10xxx/CVE-2020-10058.json | 4 ++--
 2020/10xxx/CVE-2020-10059.json | 4 ++--
 2020/10xxx/CVE-2020-10060.json | 4 ++--
 2020/10xxx/CVE-2020-10067.json | 4 ++--
 11 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/2020/10xxx/CVE-2020-10019.json b/2020/10xxx/CVE-2020-10019.json
index 41e21be9b3a..ea14c2e6b2c 100644
--- a/2020/10xxx/CVE-2020-10019.json
+++ b/2020/10xxx/CVE-2020-10019.json
@@ -91,8 +91,8 @@
 },
 {
 "refsource": "MISC",
- "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10019",
- "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10019"
+ "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10019",
+ "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10019"
 },
 {
 "refsource": "MISC",
diff --git a/2020/10xxx/CVE-2020-10021.json b/2020/10xxx/CVE-2020-10021.json
index 9c626d432c8..ec0a4ff6643 100644
--- a/2020/10xxx/CVE-2020-10021.json
+++ b/2020/10xxx/CVE-2020-10021.json
@@ -91,8 +91,8 @@
 },
 {
 "refsource": "MISC",
- "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10021",
- "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10021"
+ "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10021",
+ "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10021"
 },
 {
 "refsource": "MISC",
diff --git a/2020/10xxx/CVE-2020-10022.json b/2020/10xxx/CVE-2020-10022.json
index b48e8f870a4..033f0301def 100644
--- a/2020/10xxx/CVE-2020-10022.json
+++ b/2020/10xxx/CVE-2020-10022.json
@@ -91,8 +91,8 @@
 },
 {
 "refsource": "MISC",
- "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10022",
- "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10022"
+ "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10022",
+ "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10022"
 },
 {
 "refsource": "MISC",
diff --git a/2020/10xxx/CVE-2020-10023.json b/2020/10xxx/CVE-2020-10023.json
index b941d8b71ea..e201c6c73d2 100644
--- a/2020/10xxx/CVE-2020-10023.json
+++ b/2020/10xxx/CVE-2020-10023.json
@@ -91,8 +91,8 @@
 },
 {
 "refsource": "MISC",
- "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10023",
- "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10023"
+ "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10023",
+ "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10023"
 },
 {
 "refsource": "MISC",
diff --git a/2020/10xxx/CVE-2020-10024.json b/2020/10xxx/CVE-2020-10024.json
index ab84d5b9e26..a0ac9915358 100644
--- a/2020/10xxx/CVE-2020-10024.json
+++ b/2020/10xxx/CVE-2020-10024.json
@@ -91,8 +91,8 @@
 },
 {
 "refsource": "MISC",
- "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10024",
- "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10024"
+ "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024",
+ "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024"
 },
 {
 "refsource": "MISC",
diff --git a/2020/10xxx/CVE-2020-10027.json b/2020/10xxx/CVE-2020-10027.json
index d345c072146..f1d8c2d7a3c 100644
--- a/2020/10xxx/CVE-2020-10027.json
+++ b/2020/10xxx/CVE-2020-10027.json
@@ -91,8 +91,8 @@
 },
 {
 "refsource": "MISC",
- "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10027",
- "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10027"
+ "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10027",
+ "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10027"
 },
 {
 "refsource": "MISC",
diff --git a/2020/10xxx/CVE-2020-10028.json b/2020/10xxx/CVE-2020-10028.json
index a6a440586e4..745390c8a93 100644
--- a/2020/10xxx/CVE-2020-10028.json
+++ b/2020/10xxx/CVE-2020-10028.json
@@ -91,8 +91,8 @@
 },
 {
 "refsource": "MISC",
- "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10028",
- "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10028"
+ "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10028",
+ "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10028"
 },
 {
 "refsource": "MISC",
diff --git a/2020/10xxx/CVE-2020-10058.json b/2020/10xxx/CVE-2020-10058.json
index b883eab2c95..62718b7c130 100644
--- a/2020/10xxx/CVE-2020-10058.json
+++ b/2020/10xxx/CVE-2020-10058.json
@@ -92,8 +92,8 @@
 },
 {
 "refsource": "MISC",
- "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10058",
- "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10058"
+ "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10058",
+ "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10058"
 },
 {
 "refsource": "MISC",
diff --git a/2020/10xxx/CVE-2020-10059.json b/2020/10xxx/CVE-2020-10059.json
index be6bd2a29af..0f3a9390978 100644
--- a/2020/10xxx/CVE-2020-10059.json
+++ b/2020/10xxx/CVE-2020-10059.json
@@ -87,8 +87,8 @@
 },
 {
 "refsource": "MISC",
- "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10059",
- "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10059"
+ "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059",
+ "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059"
 },
 {
 "refsource": "MISC",
diff --git a/2020/10xxx/CVE-2020-10060.json b/2020/10xxx/CVE-2020-10060.json
index 22753daec29..54c9360dfc7 100644
--- a/2020/10xxx/CVE-2020-10060.json
+++ b/2020/10xxx/CVE-2020-10060.json
@@ -91,8 +91,8 @@
 },
 {
 "refsource": "MISC",
- "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10060",
- "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10060"
+ "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10060",
+ "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10060"
 }
 ]
 },
diff --git a/2020/10xxx/CVE-2020-10067.json b/2020/10xxx/CVE-2020-10067.json
index 6b40fe7fab3..e69d472e520 100644
--- a/2020/10xxx/CVE-2020-10067.json
+++ b/2020/10xxx/CVE-2020-10067.json
@@ -91,8 +91,8 @@
 },
 {
 "refsource": "MISC",
- "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10067",
- "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#CVE-2020-10067"
+ "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067",
+ "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067"
 },
 {
 "refsource": "MISC",

From 350d34a03728fdfb66e45ecb5066a34d50491c4b Mon Sep 17 00:00:00 2001
From: David Brown
Date: Tue, 26 May 2020 10:52:06 -0600
Subject: [PATCH 2/7] Publish CVE-2020-10061
---
 2020/10xxx/CVE-2020-10061.json | 115 +++++++++++++++++++++++++++++++--
 1 file changed, 108 insertions(+), 7 deletions(-)

diff --git a/2020/10xxx/CVE-2020-10061.json b/2020/10xxx/CVE-2020-10061.json
index 461bbe31803..aa99880a17b 100644
--- a/2020/10xxx/CVE-2020-10061.json
+++ b/2020/10xxx/CVE-2020-10061.json
@@ -1,18 +1,119 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "vulnerabilities@zephyrproject.org",
+ "DATE_PUBLIC": "2020-05-14T00:00:00.000Z",
 "ID": "CVE-2020-10061",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Error handling invalid packet sequence"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "zephyr",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": ">=",
+ "version_value": "2.2.0"
+ },
+ {
+ "version_affected": ">=",
+ "version_value": "1.14.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "zephyrproject-rtos"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "PhD - Garbelini Matheus Eduardo"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption.\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 2.2.0 and later versions, and version 1.14.0 and later versions."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-75"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10061"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23516"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23517"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23547"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23091"
+ }
+ ]
+ },
+ "source": {
+ "defect": [
+ "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-75"
+ ],
+ "discovery": "EXTERNAL"
 }
-}
\ No newline at end of file
+}

From f3599db2f0cee65065328aea99d1c49a7270e8a6 Mon Sep 17 00:00:00 2001
From: David Brown
Date: Tue, 26 May 2020 15:03:09 -0600
Subject: [PATCH 3/7] Publish CVE-2020-10068
---
 2020/10xxx/CVE-2020-10068.json | 115 +++++++++++++++++++++++++++++++--
 1 file changed, 108 insertions(+), 7 deletions(-)

diff --git a/2020/10xxx/CVE-2020-10068.json b/2020/10xxx/CVE-2020-10068.json
index 9d95c7c35ba..aa147ce416d 100644
--- a/2020/10xxx/CVE-2020-10068.json
+++ b/2020/10xxx/CVE-2020-10068.json
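Review bot: The `version_data` array added in CVE-2020-10061.json lists two open-ended `>=` ranges, `2.2.0` and `1.14.0`, so the first is already contained in the second and no entry says where the issue stops, even though the references point at fix pull requests. A consumer matching on this record will treat every later Zephyr release as affected. Consider one bounded entry per maintained branch, for example `"version_affected": "<", "version_value": "<FIRST_FIXED_RELEASE>"` (placeholder; the fixed releases are not visible in this patch), and adjust the "and later versions" sentence in the description to match. The same overlapping pattern appears in CVE-2020-10068 and CVE-2020-10063, and CVE-2020-10062, CVE-2020-10070 and CVE-2020-10071 each carry a single unbounded `>= 2.2.0` entry.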
@@ -1,18 +1,119 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "vulnerabilities@zephyrproject.org",
+ "DATE_PUBLIC": "2020-05-25T00:00:00.000Z",
 "ID": "CVE-2020-10068",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Zephyr Bluetooth DLE duplicate requests vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "zephyr",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": ">=",
+ "version_value": "2.2.0"
+ },
+ {
+ "version_affected": ">=",
+ "version_value": "1.14.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "zephyrproject-rtos"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "PhD - Garbelini Matheus Eduardo"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service.\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 2.2.0 and later versions, and version 1.14.0 and later versions."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20 Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-78"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10068"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23707"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23708"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23964"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23091"
+ }
+ ]
+ },
+ "source": {
+ "defect": [
+ "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-78"
+ ],
+ "discovery": "EXTERNAL"
 }
-}
\ No newline at end of file
+}

From 4ca3208731191d0b2588485c54300cf3eec0d8a6 Mon Sep 17 00:00:00 2001
From: David Brown
Date: Wed, 27 May 2020 11:37:59 -0600
Subject: [PATCH 4/7] Publish CVE-2020-10062
---
 2020/10xxx/CVE-2020-10062.json | 103 ++++++++++++++++++++++++++++++---
 1 file changed, 96 insertions(+), 7 deletions(-)

diff --git a/2020/10xxx/CVE-2020-10062.json b/2020/10xxx/CVE-2020-10062.json
index 043518c751c..96e62ccff04 100644
--- a/2020/10xxx/CVE-2020-10062.json
+++ b/2020/10xxx/CVE-2020-10062.json
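Review bot: `"attackVector": "LOCAL"` in CVE-2020-10068.json looks inconsistent with the description, which attributes the denial of service to duplicate and back-to-back packets in the Bluetooth subsystem. CVSS 3.1 uses Adjacent for attacks bound to the same physical or logical network, with Bluetooth given as an example, and reserves Local for attacks that need local access or user-supplied local input. If these packets arrive from a peer over the radio link, the metric would be `"attackVector": "ADJACENT_NETWORK"` with `AV:A` in `vectorString`, and `baseScore` and `baseSeverity` recomputed from the new vector. CVE-2020-10061 in the previous patch scores its Bluetooth memory-corruption issue with `AV:L` as well.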
@@ -1,18 +1,107 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "vulnerabilities@zephyrproject.org",
+ "DATE_PUBLIC": "2020-05-25T00:00:00.000Z",
 "ID": "CVE-2020-10062",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Packet length decoding error in MQTT"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "zephyr",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": ">=",
+ "version_value": "2.2.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "zephyrproject-rtos"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "NCC Group for report"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 2.2.0 and later versions."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-193 Off-by-one Error"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-84"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10062"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/11b7a37d9a0b438270421b224221d91929843de4"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
+ }
+ ]
+ },
+ "source": {
+ "defect": [
+ "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-84"
+ ],
+ "discovery": "EXTERNAL"
 }
-}
\ No newline at end of file
+}

From 72580b80062d8192406945ae25a5d508449e823a Mon Sep 17 00:00:00 2001
From: David Brown
Date: Wed, 27 May 2020 11:50:14 -0600
Subject: [PATCH 5/7] Publish CVE-2020-10070
---
 2020/10xxx/CVE-2020-10070.json | 111 ++++++++++++++++++++++++++++++---
 1 file changed, 104 insertions(+), 7 deletions(-)

diff --git a/2020/10xxx/CVE-2020-10070.json b/2020/10xxx/CVE-2020-10070.json
index 531aefe44d8..b9cf8ca5d47 100644
--- a/2020/10xxx/CVE-2020-10070.json
+++ b/2020/10xxx/CVE-2020-10070.json
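Review bot: The last entry of `reference_data` in CVE-2020-10062.json tags the research.nccgroup.com report as `"refsource": "CONFIRM"`, although the `credit` field names NCC Group as the reporter rather than the vendor. Consumers that treat CONFIRM as a vendor acknowledgement would count the reporter's write-up as one; `"refsource": "MISC"` looks like the closer fit for that URL, assuming CONFIRM is meant here in its usual vendor-confirmation sense. The same reference with the same tag is added in CVE-2020-10070 and CVE-2020-10071.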
@@ -1,18 +1,115 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "vulnerabilities@zephyrproject.org",
+ "DATE_PUBLIC": "2020-05-25T00:00:00.000Z",
 "ID": "CVE-2020-10070",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "MQTT buffer overflow on receive buffer"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "zephyr",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": ">=",
+ "version_value": "2.2.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "zephyrproject-rtos"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "NCC Group for report"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 2.2.0 and later versions."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-120 Buffer Overflow"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-190 Integer Overflow or Wraparound"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10070"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/0b39cbf3c01d7feec9d0dd7cc7e0e374b6113542"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
+ }
+ ]
+ },
+ "source": {
+ "defect": [
+ "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85"
+ ],
+ "discovery": "EXTERNAL"
 }
-}
\ No newline at end of file
+}

From 56743c89df54c72f8936ef8f9bdd29b38e03fe2d Mon Sep 17 00:00:00 2001
From: David Brown
Date: Wed, 27 May 2020 11:59:11 -0600
Subject: [PATCH 6/7] Publish CVE-2020-10071
---
 2020/10xxx/CVE-2020-10071.json | 111 ++++++++++++++++++++++++++++++---
 1 file changed, 104 insertions(+), 7 deletions(-)

diff --git a/2020/10xxx/CVE-2020-10071.json b/2020/10xxx/CVE-2020-10071.json
index 6af51b86470..35c1a91a5aa 100644
--- a/2020/10xxx/CVE-2020-10071.json
+++ b/2020/10xxx/CVE-2020-10071.json
@@ -1,18 +1,115 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "vulnerabilities@zephyrproject.org",
+ "DATE_PUBLIC": "2020-05-25T00:00:00.000Z",
 "ID": "CVE-2020-10071",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Insufficient publish message length validation in MQTT"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "zephyr",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": ">=",
+ "version_value": "2.2.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "zephyrproject-rtos"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "NCC Group for report"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 2.2.0 and later versions."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-120 Buffer Overflow"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-129 Improper Validation of Array Index"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-86"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10071"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/989c4713ba429aa5105fe476b4d629718f3e6082"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
+ }
+ ]
+ },
+ "source": {
+ "defect": [
+ "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-86"
+ ],
+ "discovery": "EXTERNAL"
 }
-}
\ No newline at end of file
+}

From 83e51d1ee8eb61017fb5acc3ce49e82a0afe0f9a Mon Sep 17 00:00:00 2001
From: David Brown
Date: Tue, 2 Jun 2020 14:16:45 -0600
Subject: [PATCH 7/7] Publish CVE-2020-10063
---
 2020/10xxx/CVE-2020-10063.json | 119 +++++++++++++++++++++++++++++++--
 1 file changed, 112 insertions(+), 7 deletions(-)

diff --git a/2020/10xxx/CVE-2020-10063.json b/2020/10xxx/CVE-2020-10063.json
index 88d904cee54..811375cdc22 100644
--- a/2020/10xxx/CVE-2020-10063.json
+++ b/2020/10xxx/CVE-2020-10063.json
@@ -1,18 +1,123 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "vulnerabilities@zephyrproject.org",
+ "DATE_PUBLIC": "2020-05-25T00:00:00.000Z",
 "ID": "CVE-2020-10063",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Remote Denial of Service in CoAP Option Parsing Due To Integer Overflow"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "zephyr",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": ">=",
+ "version_value": "2.2.0"
+ },
+ {
+ "version_affected": ">=",
+ "version_value": "2.1.0"
+ },
+ {
+ "version_affected": ">=",
+ "version_value": "1.14.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "zephyrproject-rtos"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "NCC Group for report"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service.\n\n\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 2.2.0 and later versions."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-190 Integer Overflow or Wraparound"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-55"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10063"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://github.com/zephyrproject-rtos/zephyr/pull/24435"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://github.com/zephyrproject-rtos/zephyr/pull/24531"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://github.com/zephyrproject-rtos/zephyr/pull/24535"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://github.com/zephyrproject-rtos/zephyr/pull/24530"
+ }
+ ]
+ },
+ "source": {
+ "defect": [
+ "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-55"
+ ],
+ "discovery": "EXTERNAL"
 }
-}
\ No newline at end of file
+}
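Review bot: The description in CVE-2020-10063.json ends with "version 2.2.0 and later versions", but `version_data` in the same hunk lists three ranges, `>= 2.2.0`, `>= 2.1.0` and `>= 1.14.0`. People reading the text and tools reading `affects` will reach different conclusions about the 1.14 and 2.1 branches. Either extend the sentence, e.g. `version 2.2.0 and later versions, version 2.1.0 and later versions, and version 1.14.0 and later versions.`, or drop the extra `version_data` entries, whichever matches the real exposure. The three consecutive `\n` before "This issue affects" could also be reduced to one, as in the other records of this series.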