CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2993 – bt: host: Wrong key validation check
https://notcve.org/view.php?id=CVE-2022-2993
09 Dec 2022 — There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet. Hay un error en la condición de la última declaración if en la función smp_check_keys. Rechazaba las claves actuales si no se cumplían todos los requisitos. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3286-jgjx-8cvr • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2741 – can: denial-of-service can be triggered by a crafted CAN frame
https://notcve.org/view.php?id=CVE-2022-2741
31 Oct 2022 — The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. The frame must have a CAN ID matching an installed filter in the vulnerable node (this can easily be guessed based on CAN traffic analyses). The frame must contain the opposite RTR bit as what the filter installed in the vulnerable node contains (if the filter matches RTR frames, the frame must be a data frame or vice versa). La denegación de servicio puede activarse transmiti... • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx5v-j59q-c3j8 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1841 – Out-of-bound write in tcp_flags
https://notcve.org/view.php?id=CVE-2022-1841
31 Aug 2022 — In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero. En el archivo subsys/net/ip/tcp.c, la función tcp_flags , cuando el parámetro entrante flags es ECN o CWR , el buf escribirá fuera de límites un byte cero • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5c3j-p8cr-2pgh • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1042 – Out-of-bound write vulnerability in the Bluetooth mesh core stack can be triggered during provisioning
https://notcve.org/view.php?id=CVE-2022-1042
26 Jul 2022 — In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning. En Zephyr bluetooth mesh core stack, puede desencadenarse una vulnerabilidad de escritura fuera de límites durante el aprovisionamiento. • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j7v7-w73r-mm5x • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1041 – Out-of-bound write vulnerability in the Bluetooth mesh core stack can be triggered during provisioning
https://notcve.org/view.php?id=CVE-2022-1041
26 Jul 2022 — In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning. En Zephyr bluetooth mesh core stack, puede desencadenarse una vulnerabilidad de escritura fuera de límites durante el aprovisionamiento. • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p449-9hv9-pj38 • CWE-787: Out-of-bounds Write •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3435 – L2CAP: Information leakage in le_ecred_conn_req()
https://notcve.org/view.php?id=CVE-2021-3435
28 Jun 2022 — Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh Un filtrado de información en la función le_ecred_conn_req(). Zephyr versiones posteriores a v2.4.0 incluyéndola, Uso de Recurso no Inicializado (CWE-908). Para más información, vea https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh • CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3434 – L2CAP: Stack based buffer overflow in le_ecred_conn_req()
https://notcve.org/view.php?id=CVE-2021-3434
28 Jun 2022 — Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions >= v2.5.0 Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm Un desbordamiento del búfer en la región Stack de la memoria en la función le_ecred_conn_req(). Zephyr versiones posteriores a v2.5.0 incluyéndola, Desbordamiento del búfer en la región Stack de la memoria (CWE-121). Para más información, vea https://github.com/zephyrproject-rtos/zep... • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3433 – BT: Invalid channel map in CONNECT_IND results to Deadlock
https://notcve.org/view.php?id=CVE-2021-3433
28 Jun 2022 — Invalid channel map in CONNECT_IND results to Deadlock. Zephyr versions >= v2.5.0 Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp Un mapa de canales no válido en la función CONNECT_IND provoca un bloqueo. Zephyr versiones posteriores a v2.5.0 incluyéndola, Comprobación o Manejo Inapropiado de Condiciones Excepcionales (CWE-703). Para más información, vea https://github.com/zephyrpro... • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3432 – BT: Invalid interval in CONNECT_IND leads to Division by Zero
https://notcve.org/view.php?id=CVE-2021-3432
28 Jun 2022 — Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions >= v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4 Un intervalo no válido en la función CONNECT_IND conlleva a una división por cero. Zephyr versiones posteriores a v1.14.0 incluyéndola, División por Cero (CWE-369). Para más información, vea https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4 • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4 • CWE-369: Divide By Zero •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3431 – BT: Assertion failure on repeated LL_FEATURE_REQ
https://notcve.org/view.php?id=CVE-2021-3431
28 Jun 2022 — Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9 Aserción alcanzable con la función LL_FEATURE_REQ repetida. Zephyr versiones posteriores a v2.5.0 incluyéndola, contienen una Aserción Alcanzable (CWE-617). Para más información, vea https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9 • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9 • CWE-617: Reachable Assertion •