Lucene search

ZephyrCVELIST:CVE-2023-5753

HistoryOct 24, 2023 - 4:09 p.m.

CVE-2023-5753 Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem

2023-10-2416:09:03

CWE-120

CWE-191

zephyr

www.cve.org

cve-2023-5753

buffer overflow

zephyr

bluetooth subsystem

asserts disabled

CVSS3

6.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

Confidence

High

EPSS

0.001

Percentile

19.1%

JSON

Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "Zephyr",
    "product": "Zephyr",
    "repo": "https://github.com/zephyrproject-rtos/zephyr",
    "vendor": "zephyrproject-rtos",
    "versions": [
      {
        "lessThan": "3.5",
        "status": "affected",
        "version": "*",
        "versionType": "git"
      }
    ]
  }
]

References

packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html

seclists.org/fulldisclosure/2023/Nov/1

www.openwall.com/lists/oss-security/2023/11/07/1

github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hmpr-px56-rvww

CVSS3

6.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

Confidence

High

EPSS

0.001

Percentile

19.1%

JSON

Related for CVELIST:CVE-2023-5753