Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem
CVE-2023-4264

7.1HIGH

Key Information:

Vendor: Zephyrproject-rtos
Status: Zephyr
Vendor: CVE Published:; 27 September 2023

🔔 Create Zephyrproject-rtos Vulnerability Alert

What is CVE-2023-4264?

The Zephyr Bluetooth subsystem contains potential buffer overflow vulnerabilities that could be exploited, leading to unexpected behavior or crash of affected devices. This vulnerability arises from improper handling of input data, potentially allowing an attacker to manipulate memory operations and compromise the system. It is crucial for users and developers utilizing the Zephyr RTOS to assess and mitigate these risks, ensuring robust security measures are in place to protect sensitive data and functionalities.

Affected Version(s)

Zephyr 0 <= 3.4

References

https://github.com/zephyrproject-rtos/zephyr/security/adv...

http://www.openwall.com/lists/oss-security/2023/11/07/1

http://seclists.org/fulldisclosure/2023/Nov/1

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 27, 2023
Vulnerability Reserved
Aug 8, 2023