Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HZephyrproject Zephyr
OSZephyrproject1.14.01.14.11.14.21.14.32.5.02.5.12.6.02.6.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2026-1678CRITICAL9.4PL ✓ten sam produkt
Out-of-bounds write w dns_unpack_name() w Zephyr RTOS (DNS Resolver)
CVE-2024-11263CRITICAL9.3PL ✓ten sam produkt
Błąd adresowania GP w Zephyr RTOS na architekturze RISC-V
CVE-2021-3329CRITICAL9.6ten sam produkt
Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack
CVE-2022-3806CRITICAL9.8ten sam produkt
Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer.
CVE-2023-0397CRITICAL9.6ten sam produkt
A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buff...