CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0CVE-2020-10070 – MQTT buffer overflow on receive buffer
https://notcve.org/view.php?id=CVE-2020-10070
In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. En el código de Zephyr Project MQTT, la comprobación incorrecta de los límites puede resultar en corrupción de la memoria y potencialmente en una ejecución de código remota. NCC-ZEP-031 Este problema afecta a: zephyrproject-rtos zephyr versión 2.2.0 y versiones posteriores • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10070 https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/0b39cbf3c01d7feec9d0dd7cc7e0e374b6113542 https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10068 – Zephyr Bluetooth DLE duplicate requests vulnerability
https://notcve.org/view.php?id=CVE-2020-10068
In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions. En el subsistema Bluetooth de Zephyr project, determinados paquetes duplicados y consecutivos pueden causar un comportamiento incorrecto, resultando en una denegación de servicio. Este problema afecta a: zephyrproject-rtos zephyr versión 2.2.0 y versiones posteriores, y versión 1.14.0 y versiones posteriores • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10068 https://github.com/zephyrproject-rtos/zephyr/pull/23091 https://github.com/zephyrproject-rtos/zephyr/pull/23707 https://github.com/zephyrproject-rtos/zephyr/pull/23708 https://github.com/zephyrproject-rtos/zephyr/pull/23964 https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-78 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10063 – Remote Denial of Service in CoAP Option Parsing Due To Integer Overflow
https://notcve.org/view.php?id=CVE-2020-10063
A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. Un adversario remoto con la capacidad de enviar paquetes arbitrarios de CoAP para que sean analizados por Zephyr, puede causar una denegación de servicio. Este problema afecta a: zephyrproject-rtos zephyr versión 2.2.0 y versiones posteriores • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10063 https://github.com/zephyrproject-rtos/zephyr/pull/24435 https://github.com/zephyrproject-rtos/zephyr/pull/24530 https://github.com/zephyrproject-rtos/zephyr/pull/24531 https://github.com/zephyrproject-rtos/zephyr/pull/24535 https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-55 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 0CVE-2020-10062 – Packet length decoding error in MQTT
https://notcve.org/view.php?id=CVE-2020-10062
An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. Un error por un paso (off-by-one) en el decodificador de longitud de paquetes MQTT del proyecto Zephyr puede resultar en una corrupción de la memoria y una potencial ejecución de código remota. NCC-ZEP-031 Este problema afecta a: zephyrproject-rtos zephyr versión 2.2.0 y versiones posteriores • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10062 https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/11b7a37d9a0b438270421b224221d91929843de4 https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-84 • CWE-193: Off-by-one Error •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10061 – Error handling invalid packet sequence
https://notcve.org/view.php?id=CVE-2020-10061
Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions. El manejo inapropiado del caso full-buffer en la implementación de Zephyr Bluetooth puede resultar en una corrupción en la memoria. Este problema afecta a: zephyrproject-rtos zephyr versión 2.2.0 y versiones posteriores, y versión 1.14.0 y versiones posteriores • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10061 https://github.com/zephyrproject-rtos/zephyr/pull/23091 https://github.com/zephyrproject-rtos/zephyr/pull/23516 https://github.com/zephyrproject-rtos/zephyr/pull/23517 https://github.com/zephyrproject-rtos/zephyr/pull/23547 https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-75 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •