History: Feb 26, 2023 - 12:00 a.m.

CVE-2021-3329 DOS: Incorrect handling of the initial HCI ACL_MTU handshake packet leads to crash of bluetooth host layer

2023-02-26 00:00:00
CWE-703
zephyr
www.cve.org
cve-2021-3329
dos
bluetooth
stack initialization
validation
crash

CVSS3: 9.6

Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

AI Score: 9.4
Confidence: High

EPSS: 0.001
Percentile: 20.6%

Lack of proper validation in HCI Host stack initialization can cause a crash of the Bluetooth stack.

CNA Affected

[
  {
    "vendor": "zephyrproject-rtos",
    "product": "zephyr",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "v2.4",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]
