CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2021-3436 – BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known
https://notcve.org/view.php?id=CVE-2021-3436
BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions >= 1.14.2, >= 2.4.0, >= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63 BT: Posibilidad de sobrescribir un vínculo existente durante la fase de distribución de claves cuando se conoce la dirección de identidad del vínculo. Zephyr versiones posteriores a 1.14.2 incluyéndola, versiones posteriores a 2.4.0 incluyéndola, versiones posteriores a 2.5.0 incluyéndola, contienen Uso de Múltiples Recursos con Identificador Duplicado (CWE-694). Para más información, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63 • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63 • CWE-694: Use of Multiple Resources with Duplicate Identifier •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3319 – DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses
https://notcve.org/view.php?id=CVE-2021-3319
DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions >= > v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364 DOS: Comprobación Incorrecta de Tramas 802154 para Direcciones de Origen/Destino Omitidas. Zephyr versiones anteriores y posteriores a v2.4.0 incluyéndola, contienen una Desreferencia de Puntero NULL (CWE-476), Intento de Acceso a Child de un Puntero No Estructurado (CWE-588). Para más información, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364 • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364 • CWE-476: NULL Pointer Dereference CWE-588: Attempt to Access Child of a Non-structure Pointer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3320 – Type Confusion in 802154 ACK Frames Handling
https://notcve.org/view.php?id=CVE-2021-3320
Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7 Una Confusión de tipos en el manejo de tramas ACK 802154. Las versiones de Zephyr superiores a v2.4.0 e incluyéndolas, contienen un Desreferencia del Puntero NULL (CWE-476). Para mayor información, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7 • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7 • CWE-476: NULL Pointer Dereference CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10060 – UpdateHub Might Dereference An Uninitialized Pointer
https://notcve.org/view.php?id=CVE-2020-10060
In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions. • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10060 https://github.com/zephyrproject-rtos/zephyr/pull/27865 https://github.com/zephyrproject-rtos/zephyr/pull/27889 https://github.com/zephyrproject-rtos/zephyr/pull/27891 https://github.com/zephyrproject-rtos/zephyr/pull/27893 https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-37 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-824: Access of Uninitialized Pointer •