CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4424 – bt: hci: DoS and possible RCE
https://notcve.org/view.php?id=CVE-2023-4424
An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device. Un dispositivo BLE malicioso puede provocar un desbordamiento del búfer al enviar un paquete publicitario con formato incorrecto al dispositivo BLE utilizando Zephyr OS, lo que provoca DoS o un posible RCE en el dispositivo BLE víctima. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j4qm-xgpf-qjw3 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-5139 – Potential buffer overflow vulnerability in the Zephyr STM32 Crypto driver
https://notcve.org/view.php?id=CVE-2023-5139
Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver Posible vulnerabilidad de desbordamiento del búfer en la siguiente ubicación en el controlador Zephyr STM32 Crypto • http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html http://seclists.org/fulldisclosure/2023/Nov/1 http://www.openwall.com/lists/oss-security/2023/11/07/1 https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rhrc-pcxp-4453 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5753 – Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem
https://notcve.org/view.php?id=CVE-2023-5753
Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c Posibles desbordamientos del búfer en el subsistema Bluetooth debido a afirmaciones deshabilitadas en /subsys/bluetooth/host/hci_core.c • http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html http://seclists.org/fulldisclosure/2023/Nov/1 http://www.openwall.com/lists/oss-security/2023/11/07/1 https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hmpr-px56-rvww • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-4257 – Unchecked user input length in the Zephyr WiFi shell module
https://notcve.org/view.php?id=CVE-2023-4257
Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows. La longitud de entrada del usuario no marcada en /subsys/net/l2/wifi/wifi_shell.c puede provocar desbordamientos del búfer. • http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html http://seclists.org/fulldisclosure/2023/Nov/1 http://www.openwall.com/lists/oss-security/2023/11/07/1 https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-853q-q69w-gf5j • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4263 – Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver
https://notcve.org/view.php?id=CVE-2023-4263
Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver Posible vulnerabilidad de desbordamiento del buffer en el controlador Zephyr IEEE 802.15.4 nRF 15.4 • http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html http://seclists.org/fulldisclosure/2023/Nov/1 http://www.openwall.com/lists/oss-security/2023/11/07/1 https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rf6q-rhhp-pqhf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •