Lucene search

ZephyrCVELIST:CVE-2023-0359

HistoryJul 10, 2023 - 4:21 a.m.

CVE-2023-0359 ipv6: Missing ipv6 nullptr-check in handle_ra_input

2023-07-1004:21:21

CWE-20

zephyr

www.cve.org

cve-2023-0359

ipv6

nullptr-check

handle_ra_input

nullptr-deref

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

34.4%

JSON

A missing nullptr-check in handle_ra_input can cause a nullptr-deref.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "Zephyr",
    "product": "Zephyr",
    "repo": "https://github.com/zephyrproject-rtos/zephyr",
    "vendor": "zephyrproject-rtos",
    "versions": [
      {
        "lessThanOrEqual": "3.2",
        "status": "affected",
        "version": "*",
        "versionType": "git"
      },
      {
        "lessThanOrEqual": "2.7.4",
        "status": "affected",
        "version": "*",
        "versionType": "git"
      }
    ]
  }
]

References

github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c7fq-vqm6-v5pf

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

34.4%

JSON

Related for CVELIST:CVE-2023-0359