Jun 28, 2022 - 7:45 p.m.

CVE-2021-3434 L2CAP: Stack based buffer overflow in le_ecred_conn_req()

2022-06-28 19:45:39
CWE-121
zephyr
www.cve.org
cve-2021-3434
l2cap
stack-based buffer overflow
zephyr v2.5.0

CVSS3: 4.9

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score: 8.5
Confidence: High

EPSS: 0.001
Percentile: 36.4%

Stack-based buffer overflow in le_ecred_conn_req(). Zephyr versions >= v2.5.0 contain a stack-based buffer overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm

CNA Affected

[
  {
    "product": "zephyr",
    "vendor": "zephyrproject-rtos",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "v2.5.0",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "v2.6.0",
        "versionType": "custom"
      }
    ]
  }
]
