Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-4424

An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device.

Published

2023-11-21T07:15:10.557

Last Modified

2024-11-21T08:35:07.337

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.3 (HIGH)

Weaknesses

Type: Secondary
CWE-190
Type: Primary
CWE-120

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	zephyrproject	zephyr	≤ 3.4.0	Yes

References

https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j4qm-xgpf-qjw3 Third Party Advisory ([email protected])
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j4qm-xgpf-qjw3 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)