zephyr — Vulnerabilities & Security Advisories 134

All 134 CVE vulnerabilities found in zephyr, with AI-generated Chinese analysis, references, and POCs.

This page catalogs known Common Weakness Enumerations affecting the Zephyr real-time operating system developed by OpenSynergy and its community contributors. The collection aggregates a comprehensive range of security vulnerabilities identified within the Zephyr codebase, including memory safety issues, privilege escalation flaws, denial of service conditions, and improper input validation errors. These entries cover historical and recent disclosures spanning from the early development phases of the project through the present day, ensuring a complete audit trail of security incidents. Users can utilize this resource to track vendor security advisories for Zephyr, gaining insight into how the maintainers address and patch critical flaws as they emerge. Additionally, the page serves as a detailed reference for understanding specific weakness classes within the context of embedded systems and RTOS environments, helping developers recognize potential risks in their own implementations. By reviewing the vulnerability history of the product, engineering teams and security auditors can better assess the impact of known issues on their specific deployments and prioritize remediation efforts based on severity and exploitability. This structured aggregation facilitates proactive security management by providing a clear view of the threat landscape associated with the Zephyr project, allowing stakeholders to make informed decisions about upgrading to secure versions or implementing necessary mitigations. The data presented here is curated to support transparency and improve overall system resilience across the diverse range of devices and applications that rely on this open-source operating system for their core functionality.

Vendor: zephyrproject-rtos

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2021-3431 | BT: Assertion failure on repeated LL_FEATURE_REQ | CWE-617 | 4.3 | Medium | 2022-06-28 |
| CVE-2021-3430 | BT: Assertion failure on repeated LL_CONNECTION_PARAM_REQ | CWE-617 | 6.5 | Medium | 2022-06-28 |
| CVE-2021-3861 | The RNDIS USB device class includes a buffer overflow vulnerability | CWE-122 | 8.2 | High | 2022-02-07 |
| CVE-2021-3835 | Buffer overflow in usb device class | CWE-122 | 8.2 | High | 2022-02-07 |
| CVE-2021-3454 | Truncated L2CAP K-frame causes assertion failure | CWE-130 | 4.3 | Medium | 2021-10-19 |
| CVE-2021-3455 | Disconnecting L2CAP channel right after invalid ATT request leads freeze | CWE-416 | 4.3 | Medium | 2021-10-19 |
| CVE-2021-3330 | RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr | CWE-787 | 7.1 | High | 2021-10-12 |
| CVE-2021-3323 | Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr | CWE-191 | 8.3 | High | 2021-10-12 |
| CVE-2021-3322 | Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr | CWE-476 | 6.5 | Medium | 2021-10-12 |
| CVE-2021-3321 | Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal | CWE-680 | 7.5 | High | 2021-10-12 |
| CVE-2021-3625 | Buffer overflow in Zephyr USB DFU DNLOAD | CWE-122 | 9.6 | Critical | 2021-10-05 |
| CVE-2021-3581 | Buffer Access with Incorrect Length Value in zephyr | CWE-805 | 7.0 | High | 2021-10-05 |
| CVE-2021-3510 | Zephyr JSON decoder incorrectly decodes array of array | CWE-588 | 7.5 | High | 2021-10-05 |
| CVE-2021-3436 | BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known | CWE-694 | 4.3 | Medium | 2021-10-05 |
| CVE-2021-3319 | DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses | CWE-476 | 6.5 | Medium | 2021-10-05 |
| CVE-2021-3320 | Type Confusion in 802154 ACK Frames Handling | CWE-476 | 5.9 | Medium | 2021-05-24 |
| CVE-2020-13603 | Integer Overflow in memory allocating functions | CWE-190 | 6.9 | Medium | 2021-05-24 |
| CVE-2020-13601 | Possible read out of bounds in dns read | CWE-125 | 9.0 | Critical | 2021-05-24 |
| CVE-2020-13602 | Remote Denial of Service in LwM2M do_write_op_tlv | CWE-20 | 4.0 | Medium | 2021-05-24 |
| CVE-2020-13600 | Malformed SPI in response for eswifi can corrupt kernel memory | CWE-122 | 7.0 | High | 2021-05-24 |
| CVE-2020-13598 | FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat | CWE-121 | 6.3 | Medium | 2021-05-24 |
| CVE-2020-13599 | Security problem with settings and littlefs | CWE-276 | 3.3 | Low | 2021-05-24 |
| CVE-2020-10072 | Improper Handling of Insufficient Permissions or Privileges in zephyr | CWE-280 | 5.9 | Medium | 2021-05-24 |
| CVE-2020-10066 | Incorrect Error Handling in Bluetooth HCI core | CWE-476 | 2.5 | Low | 2021-05-24 |
| CVE-2020-10069 | Zephyr Bluetooth unchecked packet data results in denial of service | CWE-233 | 4.3 | Medium | 2021-05-24 |
| CVE-2020-10065 | Missing Size Checks in Bluetooth HCI over SPI | CWE-130 | 3.8 | Low | 2021-05-24 |
| CVE-2020-10064 | Improper Input Frame Validation in ieee802154 Processing | CWE-121 | 8.3 | High | 2021-05-24 |
| CVE-2020-10071 | Insufficient publish message length validation in MQTT | CWE-120 | 9.0 | Critical | 2020-06-05 |
| CVE-2020-10061 | Error handling invalid packet sequence | CWE-119 | 8.1 | High | 2020-06-05 |
| CVE-2020-10062 | Packet length decoding error in MQTT | CWE-193 | 9.0 | Critical | 2020-06-05 |

All 134 known CVE vulnerabilities affecting zephyr with full Chinese analysis, references, and POCs where available.