Potential buffer overflow vulnerabilities in the Zephyr eS-WiFi driver
CVE-2023-4259

7.1HIGH

Key Information:

Vendor: Zephyrproject-rtos
Status: Zephyr
Vendor: CVE Published:; 26 September 2023

🔔 Create Zephyrproject-rtos Vulnerability Alert

What is CVE-2023-4259?

The Zephyr eS-WiFi driver contains two potential buffer overflow vulnerabilities in its source code. These vulnerabilities could allow an attacker to manipulate memory in a way that may lead to unauthorized access or system instability. It is crucial for users of affected versions to review their security posture and apply the necessary patches or mitigations as outlined in the project’s advisory.

Affected Version(s)

Zephyr 1.14 < 3.4

References

https://github.com/zephyrproject-rtos/zephyr/security/adv...

http://www.openwall.com/lists/oss-security/2023/11/07/1

http://seclists.org/fulldisclosure/2023/Nov/1

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 26, 2023
Vulnerability Reserved
Aug 8, 2023