
CVE-2021-3581 – Buffer Access with Incorrect Length Value in zephyr
https://notcve.org/view.php?id=CVE-2021-3581
05 Oct 2021 — Buffer Access with Incorrect Length Value in zephyr. Zephyr versions >= >=2.5.0 contain Buffer Access with Incorrect Length Value (CWE-805). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5 Acceso al búfer con un valor de longitud incorrecto en zephyr. Zephyr versiones posteriores a 2.5.0 incluyéndola, contienen Acceso al Buffer con Valor de Longitud Incorrecto (CWE-805). Para más información, consulte https://github.com/zephyrproject-rtos/zephyr... • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5 • CWE-805: Buffer Access with Incorrect Length Value CWE-1284: Improper Validation of Specified Quantity in Input •

CVE-2021-3510 – Zephyr JSON decoder incorrectly decodes array of array
https://notcve.org/view.php?id=CVE-2021-3510
05 Oct 2021 — Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4 El decodificador JSON de Zephyr decodifica incorrectamente un array de array. Zephyr versiones anteriores y posteriores a 1.14.0 incluyéndola, versiones anteriores y posteriores a 2.5.0 incluyéndola, contienen Intento de Acceso a Child d... • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4 • CWE-588: Attempt to Access Child of a Non-structure Pointer •

CVE-2021-3436 – BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known
https://notcve.org/view.php?id=CVE-2021-3436
05 Oct 2021 — BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions >= 1.14.2, >= 2.4.0, >= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63 BT: Posibilidad de sobrescribir un vínculo existente durante la fase de distribución de claves cuando se conoce la dirección de identidad del vínculo. Zephyr vers... • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63 • CWE-694: Use of Multiple Resources with Duplicate Identifier •

CVE-2021-3319 – DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses
https://notcve.org/view.php?id=CVE-2021-3319
05 Oct 2021 — DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions >= > v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364 DOS: Comprobación Incorrecta de Tramas 802154 para Direcciones de Origen/Destino Omitidas. Zephyr versiones anteriores y posteriores a v2.4.0 incluyéndola, contienen una Desreferencia de Punt... • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364 • CWE-476: NULL Pointer Dereference CWE-588: Attempt to Access Child of a Non-structure Pointer •

CVE-2021-3320 – Type Confusion in 802154 ACK Frames Handling
https://notcve.org/view.php?id=CVE-2021-3320
24 May 2021 — Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7 Una Confusión de tipos en el manejo de tramas ACK 802154. Las versiones de Zephyr superiores a v2.4.0 e incluyéndolas, contienen un Desreferencia del Puntero NULL (CWE-476). Para mayor información, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHS... • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7 • CWE-476: NULL Pointer Dereference CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2020-13603 – Integer Overflow in memory allocating functions
https://notcve.org/view.php?id=CVE-2020-13603
24 May 2021 — Integer Overflow in memory allocating functions. Zephyr versions >= 1.14.2, >= 2.4.0 contain Integer Overflow or Wraparound (CWE-190). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45 Un Desbordamiento de Enteros en funciones de asignación de memoria. Zephyr versiones posteriores a 1.14.2 incluyéndola, versiones posteriores a 2.4.0 incluyéndola, contienen un Desbordamiento de Enteros o Wraparound (CWE-190). Para mayor información, consu... • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45 • CWE-190: Integer Overflow or Wraparound •

CVE-2020-13602 – Remote Denial of Service in LwM2M do_write_op_tlv
https://notcve.org/view.php?id=CVE-2020-13602
24 May 2021 — Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions >= 1.14.2, >= 2.2.0 contain Improper Input Validation (CWE-20), Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh Una Denegación de Servicio Remota en la función do_write_op_tlv de LwM2M. Zephyr versiones posteriores a 1.14.2 incluyéndola, versiones posteriores a 2.2.0 incluyéndola, contienen una Comprobación In... • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh • CWE-20: Improper Input Validation CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVE-2020-13601 – Possible read out of bounds in dns read
https://notcve.org/view.php?id=CVE-2020-13601
24 May 2021 — Possible read out of bounds in dns read. Zephyr versions >= 1.14.2, >= 2.3.0 contain Out-of-bounds Read (CWE-125). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44 Una posible Lectura Fuera de Límites en una lectura de dns. Zephyr versiones posteriores a 1.14.2 incluyéndola, versiones posteriores a 2.3.0 incluyéndola, contienen una Lectura Fuera de Límites (CWE-125). Para mayor información, consulte https://github.com/zephyrproject-rtos... • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44 • CWE-125: Out-of-bounds Read •

CVE-2020-13600 – Malformed SPI in response for eswifi can corrupt kernel memory
https://notcve.org/view.php?id=CVE-2020-13600
24 May 2021 — Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr versions >= 1.14.2, >= 2.3.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr Un SPI malformado en respuesta a eswifi puede corromper la memoria del kernel. Zephyr versiones posteriores a 1.14.2 incluyéndola, versiones posteriores a 2.3.0 incluyéndola, contienen un Desbordamiento del Búfer en la región Heap de la memoria (CWE-... • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2020-13599 – Security problem with settings and littlefs
https://notcve.org/view.php?id=CVE-2020-13599
24 May 2021 — Security problem with settings and littlefs. Zephyr versions >= 1.14.2, >= 2.3.0 contain Incorrect Default Permissions (CWE-276). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q Un problema de seguridad con la configuración y littlefs. Zephyr versiones posteriores a 1.14.2 incluyéndola, versiones posteriores a 2.3.0 incluyéndola, contienen Permisos Predeterminados Incorrectos (CWE-276). Para mayor información, consulte https://github.c... • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q • CWE-276: Incorrect Default Permissions •