Known Vulnerabilities for products from Zephyrproject
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Zephyrproject".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-1679 | The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking available space; oversize... | Not Provided | 2026-03-28 | 2026-03-31 |
| CVE-2022-0553 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 4.6 - MEDIUM | 2023-01-11 | 2023-07-21 |
| CVE-2021-3966 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2023-01-11 | 2023-01-18 |
| CVE-2021-3861 | The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Over... | 6.8 - MEDIUM | 2022-02-07 | 2022-02-11 |
| CVE-2021-3835 | Buffer overflow in usb device class. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more informa... | 8.8 - HIGH | 2022-02-07 | 2022-02-11 |
| CVE-2021-3625 | Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more in... | 9.8 - CRITICAL | 2021-10-05 | 2021-10-13 |
| CVE-2021-3581 | Buffer Access with Incorrect Length Value in zephyr. Zephyr versions >= >=2.5.0 contain Buffer Access with Incorrect Length V... | 8.8 - HIGH | 2021-10-05 | 2023-06-26 |
| CVE-2021-3510 | Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child... | 7.5 - HIGH | 2021-10-05 | 2021-10-14 |
| CVE-2021-3455 | Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions >= 2.4.0, >= 2.5.0 contain Use Afte... | 7.5 - HIGH | 2021-10-19 | 2021-10-26 |
| CVE-2021-3454 | Truncated L2CAP K-frame causes assertion failure. Zephyr versions >= 2.4.0, >= v.2.50 contain Improper Handling of Length Par... | 7.5 - HIGH | 2021-10-19 | 2023-07-07 |
| CVE-2021-3436 | BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zep... | 6.5 - MEDIUM | 2021-10-05 | 2021-10-13 |
| CVE-2021-3435 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 3.3 - LOW | 2022-06-28 | 2022-07-08 |
| CVE-2021-3434 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.8 - HIGH | 2022-06-28 | 2022-07-08 |
| CVE-2021-3433 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 3.3 - LOW | 2022-06-28 | 2023-06-26 |
| CVE-2021-3432 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-06-28 | 2022-07-08 |
| CVE-2021-3431 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-06-28 | 2022-07-08 |
| CVE-2021-3430 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-06-28 | 2022-07-08 |
| CVE-2021-3330 | RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr... | 8.8 - HIGH | 2021-10-12 | 2021-10-18 |
| CVE-2021-3329 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.5 - MEDIUM | 2023-02-26 | 2023-03-07 |
| CVE-2021-3323 | Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= >=2.4.0 contain Integer Underflow (Wrap ... | 9.8 - CRITICAL | 2021-10-12 | 2021-10-18 |
Known software with vulnerabilities from Zephyrproject
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Zephyrproject | Zephyr | 1.0.0 |