Lucene search

ZephyrCVELIST:CVE-2023-0779

HistoryMay 30, 2023 - 12:00 a.m.

CVE-2023-0779 net: shell: Improper input validation

2023-05-3000:00:00

CWE-20

zephyr

www.cve.org

cve-2023-0779

net

shell

improper input validation

device crash

memory layout exploitation

CVSS3

6.7

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

34.5%

JSON

At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible.

CNA Affected

[
  {
    "vendor": "zephyrproject-rtos",
    "product": "zephyr",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "v3.3",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "v2.7.4",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-9xj8-6989-r549

CVSS3

6.7

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

34.5%

JSON

Related for CVELIST:CVE-2023-0779