PT-2021-9662 · Zephyr · Zephyr

3Zd3Z

Published

2021-05-24

Updated

2021-05-27

CVE-2020-13602

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Zephyr versions 1.14.2 and later Zephyr versions 2.2.0 and later

Description The issue is related to a Remote Denial of Service in LwM2M do write op tlv, caused by Improper Input Validation and an Infinite Loop.

Recommendations For Zephyr versions 1.14.2 and later, update to a version that includes the fix for the Improper Input Validation and Infinite Loop issues. For Zephyr versions 2.2.0 and later, update to a version that includes the fix for the Improper Input Validation and Infinite Loop issues. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Infinite Loop

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835CWE-20

Related Identifiers

CVE-2020-13602

GHSA-G9MG-FJ58-6FQH

Affected Products

Zephyr

PT-2021-9662 · Zephyr · Zephyr

CVE-2020-13602

Weakness Enumeration

Related Identifiers

Affected Products

References · 3