Lucene search

ZephyrCVELIST:CVE-2023-4257

HistoryOct 13, 2023 - 9:09 p.m.

CVE-2023-4257 Unchecked user input length in the Zephyr WiFi shell module

2023-10-1321:09:51

CWE-131

CWE-120

zephyr

www.cve.org

cve-2023-4257

unchecked input

buffer overflows

zephyr

wifi shell

CVSS3

7.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

AI Score

9.8

Confidence

High

EPSS

0.001

Percentile

36.2%

JSON

Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Zephyr",
    "repo": "https://github.com/zephyrproject-rtos/zephyr",
    "vendor": "zephyrproject-rtos",
    "versions": [
      {
        "lessThanOrEqual": "3.4",
        "status": "affected",
        "version": "0",
        "versionType": "git"
      }
    ]
  }
]

References

packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html

seclists.org/fulldisclosure/2023/Nov/1

www.openwall.com/lists/oss-security/2023/11/07/1

github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-853q-q69w-gf5j

CVSS3

7.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

AI Score

9.8

Confidence

High

EPSS

0.001

Percentile

36.2%

JSON

Related for CVELIST:CVE-2023-4257