Zephyrproject Zephyr 3.6.0 Release Candidate 1

CPE Details

Zephyrproject Zephyr 3.6.0 Release Candidate 1
zephyrproject
zephyr
3.6.0
2024-10-09
13h18 +00:00
2024-10-09
13h18 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:o:zephyrproject:zephyr:3.6.0:rc1:*:*:*:*:*:*

Informations

Vendor

zephyrproject

Product

zephyr

Version

3.6.0

Update

rc1

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2025-1674 2025-02-25 07h18 +00:00 A lack of input validation allows for out of bounds reads caused by malicious or malformed packets.
8.2
Haute
CVE-2025-1673 2025-02-25 07h12 +00:00 A malicious or malformed DNS packet without a payload can cause an out-of-bounds read, resulting in a crash (denial of service) or an incorrect computation.
8.2
Haute
CVE-2024-8798 2024-12-15 23h23 +00:00 No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.
7.5
Haute
CVE-2024-11263 2024-11-15 22h53 +00:00 When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols.
9.4
Critique
CVE-2024-6444 2024-10-04 06h14 +00:00 No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.
6.5
Moyen
CVE-2024-6443 2024-10-04 05h56 +00:00 In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty.
6.5
Moyen
CVE-2024-6442 2024-10-04 05h36 +00:00 In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow.
6.5
Moyen
CVE-2024-6259 2024-09-13 20h17 +00:00 BT: HCI: adv_ext_report Improper discarding in adv_ext_report
7.6
Haute
CVE-2024-6137 2024-09-13 20h06 +00:00 BT: Classic: SDP OOB access in get_att_search_list
7.6
Haute
CVE-2024-6135 2024-09-13 19h51 +00:00 BT:Classic: Multiple missing buf length checks
7.6
Haute
CVE-2024-5931 2024-09-13 19h41 +00:00 BT: Unchecked user input in bap_broadcast_assistant
6.5
Moyen
CVE-2024-4785 2024-08-19 20h15 +00:00 BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero
7.6
Haute
CVE-2024-3332 2024-07-03 16h44 +00:00 A malicious BLE device can send a specific order of packet sequence to cause a DoS attack on the victim BLE device
6.5
Moyen
CVE-2024-3077 2024-03-29 05h06 +00:00 An malicious BLE device can crash BLE victim device by sending malformed gatt packet
6.8
Moyen
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.