Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveZephyrCVE-2020-10019
HistoryMay 11, 2020 - 11:15 p.m.

CVE-2020-10019

2020-05-1123:15:11
CWE-120
zephyr
web.nvd.nist.gov
44
cve-2020-10019
usb
dfu
buffer overflow
vulnerability
zephyrproject-rtos
ncc-zep-002
nvd
security
exploit

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.1

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

19.0%

JSON

USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. This could be used by a malicious USB host to exploit the buffer overflow. See NCC-ZEP-002 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.

Affected configurations

Nvd
Node
zephyrprojectzephyrRange<1.14.2
OR
zephyrprojectzephyrRange2.0.02.1.0
VendorProductVersionCPE
zephyrprojectzephyr*cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "zephyr",
    "vendor": "zephyrproject-rtos",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "1.14.1",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "2.1.0",
        "versionType": "custom"
      }
    ]
  }
]

Related

nvd 1
prion 1
cvelist 1
nvd
nvd
CVE-2020-10019
2020-05-11 23:15:11
prion
prion
Buffer overflow
2020-05-11 23:15:00
cvelist
cvelist
CVE-2020-10019 Buffer Overflow in USB DFU requested length
2020-05-11 22:26:11

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.1

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

19.0%

JSON
Related for CVE-2020-10019
nvd1prion1cvelist1