Lucene search
ZephyrCVELIST:CVE-2021-3455HistoryOct 19, 2021 - 10:25 p.m.
CVE-2021-3455 Disconnecting L2CAP channel right after invalid ATT request leads freeze
2021-10-1922:25:09
CWE-416
zephyr
www.cve.org
4
disconnecting l2cap channel
invalid att request
system freeze
zephyr
use after free
cwe-416
security advisory
CVSS3
4.3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS
0.001
Percentile
45.3%
Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions >= 2.4.0, >= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp
CNA Affected
[
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.4.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.5.0",
"versionType": "custom"
}
]
}
]Related
cnvd
cnvd
Zephyr Resource Management Error Vulnerability
2021-10-21 00:00:00
nvd
nvd
CVE-2021-3455
2021-10-19 23:15:07
cve
cve
CVE-2021-3455
2021-10-19 23:15:07
prion
prion
Design/Logic Flaw
2021-10-19 23:15:00
CVSS3
4.3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS
0.001
Percentile
45.3%
Related for CVELIST:CVE-2021-3455