High
CVSS: 7.3
The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking available space; oversized sends overflow `eswifi->buf`, corrupting kernel memory (CWE-120). Exploit requires local code that can call the s…
Medium
CVSS: 6.1
Issues in stm32 USB device driver (drivers/usb/device/usb_dc_stm32.c) can lead to an infinite while loop.
Low
CVSS: 3.8
Malformed ATAES132A responses with an oversized length field overflow a 52-byte stack buffer in the Zephyr crypto driver, allowing a compromised device or bus attacker to corrupt kernel memory and potentially hijack execution.
Critical
CVSS: 9.4
dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled (defa…
High
CVSS: 7.6
Unsafe handling in bt_conn_tx_processor causes a use-after-free, resulting in a write-before-zero. The written 4 bytes are attacker-controlled, enabling precise memory corruption.
High
CVSS: 7.6
Parameters are not validated or sanitized, and are later used in various internal operations.
Medium
CVSS: 4.3
The function responsible for handling BLE connection responses does not verify whether a response is expected—that is, whether the device has initiated a connection request. Instead, it relies solely on identifier matching.
High
CVSS: 7.1
A vulnerability was identified in the handling of Bluetooth Low Energy (BLE) fixed channels (such as SMP or ATT). Specifically, an attacker could exploit a flaw that causes the BLE target (i.e., the device under attack) to attempt to discon…
High
CVSS: 7.5
A denial-of-service issue in the DNS implementation could cause an infinite loop.
High
CVSS: 8.2
The function dns_copy_qname in dns_pack.c performs a memcpy operation with an untrusted field and does not check if the source buffer is large enough to contain the copied data.
High
CVSS: 8.2
A lack of input validation allows for out of bounds reads caused by malicious or malformed packets.
High
CVSS: 8.2
A malicious or malformed DNS packet without a payload can cause an out-of-bounds read, resulting in a crash (denial of service) or an incorrect computation.
High
CVSS: 8.6
No proper validation of the length of user input in http_server_get_content_type_from_extension.