Lucene search

ZephyrCVELIST:CVE-2023-4424

HistoryNov 21, 2023 - 6:42 a.m.

CVE-2023-4424 bt: hci: DoS and possible RCE

2023-11-2106:42:45

CWE-190

zephyr

www.cve.org

ble

buffer overflow

zephyr os

dos

rce

advertising packet

CVSS3

8.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

21.5%

JSON

An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "Zephyr",
    "product": "Zephyr",
    "repo": "https://github.com/zephyrproject-rtos/zephyr",
    "vendor": "zephyrproject-rtos",
    "versions": [
      {
        "lessThan": "3.5",
        "status": "affected",
        "version": "*",
        "versionType": "git"
      }
    ]
  }
]

References

github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j4qm-xgpf-qjw3

CVSS3

8.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

21.5%

JSON

Related for CVELIST:CVE-2023-4424