Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver
CVE-2023-4263

7.6HIGH

Key Information:

Vendor: Zephyrproject-rtos
Status: Zephyr
Vendor: CVE Published:; 13 October 2023

🔔 Create Zephyrproject-rtos Vulnerability Alert

What is CVE-2023-4263?

A potential buffer overflow vulnerability exists within the Zephyr IEEE 802.15.4 nRF driver. This could allow an attacker to exploit the driver, potentially leading to arbitrary code execution or denial of service on affected systems. Developers and system administrators should promptly assess their environments and apply necessary patches or mitigations to safeguard their applications from exploitation.

Affected Version(s)

Zephyr 0 <= 3.4

References

https://github.com/zephyrproject-rtos/zephyr/security/adv...

http://www.openwall.com/lists/oss-security/2023/11/07/1

http://seclists.org/fulldisclosure/2023/Nov/1

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 13, 2023
Vulnerability Reserved
Aug 8, 2023