Unchecked user input length in the Zephyr WiFi shell module
CVE-2023-4257

7.6HIGH

Key Information:

Vendor: Zephyrproject-rtos
Status: Zephyr
Vendor: CVE Published:; 13 October 2023

🔔 Create Zephyrproject-rtos Vulnerability Alert

What is CVE-2023-4257?

This vulnerability arises from unchecked user input length in the Wi-Fi shell component of Zephyr RTOS, specifically in the wifi_shell.c file. This flaw can enable an attacker to exploit buffer overflows, potentially leading to arbitrary code execution or system instability. It is crucial for users of Zephyr RTOS to apply security practices to mitigate risks associated with this vulnerability.

Affected Version(s)

Zephyr 0 <= 3.4

References

https://github.com/zephyrproject-rtos/zephyr/security/adv...

http://www.openwall.com/lists/oss-security/2023/11/07/1

http://seclists.org/fulldisclosure/2023/Nov/1

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 13, 2023
Vulnerability Reserved
Aug 8, 2023