Lucene search

ZephyrCVELIST:CVE-2020-10065

HistoryMay 24, 2021 - 9:40 p.m.

CVE-2020-10065 Missing Size Checks in Bluetooth HCI over SPI

2021-05-2421:40:24

CWE-130

zephyr

www.cve.org

cve-2020-10065; bluetooth hci; size checks; spi; zephyr; improper handling; length parameter; inconsistency; cwe-130; security advisory

CVSS3

3.8

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

30.6%

JSON

Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c

CNA Affected

[
  {
    "product": "zephyr",
    "vendor": "zephyrproject-rtos",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "v1.14.2",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "v2.2.0",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c