L2CAP: Possible Stack based buffer overflow in le_ecred_reconf_req()
CVE-2023-5055

9.8CRITICAL

Key Information:

Vendor: zephyrproject-rtos
Status: Zephyr
Vendor: CVE Published:; 21 November 2023

🔔 Create zephyrproject-rtos Vulnerability Alert

What is CVE-2023-5055?

A potential security vulnerability has been identified in the Zephyr RTOS affecting the handling of configuration request functions. This vulnerability may lead to unauthorized access or alterations within the system, especially if exploited. Developers and users of affected versions are advised to review security advisories for necessary mitigations and updates.

Affected Version(s)

Zephyr * <= 3.4

References

https://github.com/zephyrproject-rtos/zephyr/security/adv...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2023
Vulnerability Reserved
Sep 18, 2023