
zephyrproject-rtos — Vulnerabilities & Security Advisories (126)

Browse all 126 CVE security advisories affecting zephyrproject-rtos. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Zephyr Project is an open-source real-time operating system designed for constrained, resource-limited devices, primarily serving the Internet of Things and embedded systems sectors. It supports a wide range of hardware architectures, enabling developers to build secure, scalable applications for wearables, medical devices, and industrial sensors. Historically, the codebase has exhibited vulnerabilities typical of complex C-based systems, including buffer overflows, use-after-free errors, and improper input validation, which can lead to remote code execution or privilege escalation. While no single catastrophic incident has defined its history, the high volume of recorded CVEs highlights the challenges of maintaining security in a rapidly evolving, community-driven project. The RTOS relies on rigorous code review and automated testing to mitigate risks, yet its widespread adoption in critical infrastructure necessitates continuous vigilance against exploitation of memory safety flaws and configuration weaknesses.

Top products by zephyrproject-rtos: zephyr
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2021-3322 | Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr | zephyr | CWE-476 | 6.5 | Medium | 2021-10-12 |
| CVE-2021-3321 | Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal | zephyr | CWE-680 | 7.5 | High | 2021-10-12 |
| CVE-2021-3625 | Buffer overflow in Zephyr USB DFU DNLOAD | zephyr | CWE-122 | 9.6 | Critical | 2021-10-05 |
| CVE-2021-3581 | Buffer Access with Incorrect Length Value in zephyr | zephyr | CWE-805 | 7.0 | High | 2021-10-05 |
| CVE-2021-3510 | Zephyr JSON decoder incorrectly decodes array of array | zephyr | CWE-588 | 7.5 | High | 2021-10-05 |
| CVE-2021-3436 | BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known | zephyr | CWE-694 | 4.3 | Medium | 2021-10-05 |
| CVE-2021-3319 | DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses | zephyr | CWE-476 | 6.5 | Medium | 2021-10-05 |
| CVE-2021-3320 | Type Confusion in 802154 ACK Frames Handling | zephyr | CWE-476 | 5.9 | Medium | 2021-05-24 |
| CVE-2020-13603 | Integer Overflow in memory allocating functions | zephyr | CWE-190 | 6.9 | Medium | 2021-05-24 |
| CVE-2020-13601 | Possible read out of bounds in dns read | zephyr | CWE-125 | 9.0 | Critical | 2021-05-24 |
| CVE-2020-13602 | Remote Denial of Service in LwM2M do_write_op_tlv | zephyr | CWE-20 | 4.0 | Medium | 2021-05-24 |
| CVE-2020-13600 | Malformed SPI in response for eswifi can corrupt kernel memory | zephyr | CWE-122 | 7.0 | High | 2021-05-24 |
| CVE-2020-13598 | FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat | zephyr | CWE-121 | 6.3 | Medium | 2021-05-24 |
| CVE-2020-13599 | Security problem with settings and littlefs | zephyr | CWE-276 | 3.3 | Low | 2021-05-24 |
| CVE-2020-10072 | Improper Handling of Insufficient Permissions or Privileges in zephyr | zephyr | CWE-280 | 5.9 | Medium | 2021-05-24 |
| CVE-2020-10066 | Incorrect Error Handling in Bluetooth HCI core | zephyr | CWE-476 | 2.5 | Low | 2021-05-24 |
| CVE-2020-10069 | Zephyr Bluetooth unchecked packet data results in denial of service | zephyr | CWE-233 | 4.3 | Medium | 2021-05-24 |
| CVE-2020-10065 | Missing Size Checks in Bluetooth HCI over SPI | zephyr | CWE-130 | 3.8 | Low | 2021-05-24 |
| CVE-2020-10064 | Improper Input Frame Validation in ieee802154 Processing | zephyr | CWE-121 | 8.3 | High | 2021-05-24 |
| CVE-2020-10071 | Insufficient publish message length validation in MQTT | zephyr | CWE-120 | 9.0 | Critical | 2020-06-05 |
| CVE-2020-10061 | Error handling invalid packet sequence | zephyr | CWE-119 | 8.1 | High | 2020-06-05 |
| CVE-2020-10062 | Packet length decoding error in MQTT | zephyr | CWE-193 | 9.0 | Critical | 2020-06-05 |
| CVE-2020-10063 | Remote Denial of Service in CoAP Option Parsing Due To Integer Overflow | zephyr | CWE-190 | 6.8 | Medium | 2020-06-05 |
| CVE-2020-10068 | Zephyr Bluetooth DLE duplicate requests vulnerability | zephyr | CWE-20 | 5.1 | Medium | 2020-06-05 |
| CVE-2020-10070 | MQTT buffer overflow on receive buffer | zephyr | CWE-120 | 9.0 | Critical | 2020-06-05 |
| CVE-2020-10060 | UpdateHub Might Dereference An Uninitialized Pointer | zephyr | CWE-119 | 8.0 | High | 2020-05-11 |
| CVE-2020-10067 | Integer Overflow In is_in_region Allows User Thread To Access Kernel Memory | zephyr | CWE-190 | 7.5 | High | 2020-05-11 |
| CVE-2020-10058 | Multiple Syscalls In kscan Subsystem Performs No Argument Validation | zephyr | CWE-20 | 7.8 | High | 2020-05-11 |
| CVE-2020-10059 | UpdateHub Module Explicitly Disables TLS Verification | zephyr | CWE-295 | 4.8 | Medium | 2020-05-11 |
| CVE-2020-10027 | ARC Platform Uses Signed Integer Comparison When Validating Syscall Numbers | zephyr | CWE-697 | 7.8 | High | 2020-05-11 |

This page lists every published CVE security advisory associated with zephyrproject-rtos. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.