PT-2020-11866 · Zephyr · Zephyr

Ceolin

Published

2020-05-11

Updated

2020-06-05

CVE-2020-10023

CVSS v3.1

6.9

Medium

Vector

AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions zephyr versions 1.14.0 through 2.1.0 and later versions, but for clarity, this can be simplified to: zephyr versions 1.14.0 and later versions

Description The issue is related to a buffer overflow in the shell subsystem. This can lead to memory corruption, resulting in denial of service or possibly code execution within the kernel. An adversary would need physical access to the device to exploit this issue.

Recommendations For zephyr versions 1.14.0 and later versions, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

CVE-2020-10023

Affected Products

Zephyr

PT-2020-11866 · Zephyr · Zephyr

CVE-2020-10023

Weakness Enumeration

Related Identifiers

Affected Products

References · 7