CVE-2022-1841 – Out-of-bound write in tcp_flags
https://notcve.org/view.php?id=CVE-2022-1841
In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero. En el archivo subsys/net/ip/tcp.c, la función tcp_flags , cuando el parámetro entrante flags es ECN o CWR , el buf escribirá fuera de límites un byte cero • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5c3j-p8cr-2pgh • CWE-787: Out-of-bounds Write •
CVE-2022-1042 – Out-of-bound write vulnerability in the Bluetooth mesh core stack can be triggered during provisioning
https://notcve.org/view.php?id=CVE-2022-1042
In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning. En Zephyr bluetooth mesh core stack, puede desencadenarse una vulnerabilidad de escritura fuera de límites durante el aprovisionamiento. • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j7v7-w73r-mm5x • CWE-787: Out-of-bounds Write •
CVE-2022-1041 – Out-of-bound write vulnerability in the Bluetooth mesh core stack can be triggered during provisioning
https://notcve.org/view.php?id=CVE-2022-1041
In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning. En Zephyr bluetooth mesh core stack, puede desencadenarse una vulnerabilidad de escritura fuera de límites durante el aprovisionamiento. • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p449-9hv9-pj38 • CWE-787: Out-of-bounds Write •
CVE-2021-3435 – L2CAP: Information leakage in le_ecred_conn_req()
https://notcve.org/view.php?id=CVE-2021-3435
Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh Un filtrado de información en la función le_ecred_conn_req(). Zephyr versiones posteriores a v2.4.0 incluyéndola, Uso de Recurso no Inicializado (CWE-908). Para más información, vea https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh • CWE-908: Use of Uninitialized Resource •
CVE-2021-3432 – BT: Invalid interval in CONNECT_IND leads to Division by Zero
https://notcve.org/view.php?id=CVE-2021-3432
Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions >= v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4 Un intervalo no válido en la función CONNECT_IND conlleva a una división por cero. Zephyr versiones posteriores a v1.14.0 incluyéndola, División por Cero (CWE-369). Para más información, vea https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4 • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4 • CWE-369: Divide By Zero •