Lucene search
ZephyrCVE-2023-4424HistoryNov 21, 2023 - 7:15 a.m.
CVE-2023-4424
2023-11-2107:15:10
CWE-190
CWE-120
zephyr
web.nvd.nist.gov
15
malicious
ble device
buffer overflow
advertising packet
zephyr os
dos
potential rce
nvd
CVSS3
8.8
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.9
Confidence
High
EPSS
0.001
Percentile
21.5%
An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device.
Affected configurations
Node
zephyrprojectzephyrRange≤3.4.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zephyrproject | zephyr | * | cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "3.5",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
]Related
veracode
veracode
Denial Of Service (DOS)
2023-11-22 08:23:16
prion
prion
Buffer overflow
2023-11-21 07:15:00
cvelist
cvelist
CVE-2023-4424 bt: hci: DoS and possible RCE
2023-11-21 06:42:45
nvd
nvd
CVE-2023-4424
2023-11-21 07:15:10
CVSS3
8.8
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.9
Confidence
High
EPSS
0.001
Percentile
21.5%
Related for CVE-2023-4424