Lucene search

ZephyrCVELIST:CVE-2020-13600

HistoryMay 24, 2021 - 9:40 p.m.

CVE-2020-13600 Malformed SPI in response for eswifi can corrupt kernel memory

2021-05-2421:40:28

CWE-122

zephyr

www.cve.org

cve-2020-13600

malformed spi

eswifi

kernel memory

zephyr versions

heap-based buffer overflow

cwe-122

security advisory

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

34.2%

JSON

Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr versions >= 1.14.2, >= 2.3.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr

CNA Affected

[
  {
    "product": "zephyr",
    "vendor": "zephyrproject-rtos",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "1.14.2",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "2.3.0",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

34.2%

JSON

Related for CVELIST:CVE-2020-13600