Lucene search

ZephyrCVE-2023-5139

HistoryOct 26, 2023 - 5:15 a.m.

CVE-2023-5139

2023-10-2605:15:26

CWE-120

zephyr

web.nvd.nist.gov

cve-2023-5139

buffer overflow

zephyr

stm32

crypto

driver

nvd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver

Affected configurations

Nvd

Node

zephyrprojectzephyrRange≤3.4.0

VendorProductVersionCPE
zephyrprojectzephyr*cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zephyrproject	zephyr	*	cpe:2.3:o:zephyrproject:zephyr::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "Zephyr",
    "product": "Zephyr",
    "repo": "https://github.com/zephyrproject-rtos/zephyr",
    "vendor": "zephyrproject-rtos",
    "versions": [
      {
        "lessThan": "3.5",
        "status": "affected",
        "version": "*",
        "versionType": "git"
      }
    ]
  }
]

References

packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html

seclists.org/fulldisclosure/2023/Nov/1

www.openwall.com/lists/oss-security/2023/11/07/1

github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rhrc-pcxp-4453

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-5139