CyberSec.Space Logo
Back to CVE Browser

CVE-2020-10022

CRITICAL
9.0
CVSS Severity Score
EPSS Score0.0340%
EPSS Percentile3.65th
PublishedMay 11, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case. See NCC-NCC-016 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions.

Affected Platforms (CPE)

πŸ’»
Zephyrproject

Zephyr

= 2.1.0
πŸ’»
Zephyrproject

Zephyr

= 2.2.0

References & Advisories

πŸ”— https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10022
πŸ”— https://github.com/zephyrproject-rtos/zephyr/pull/24065
πŸ”— https://github.com/zephyrproject-rtos/zephyr/pull/24066
πŸ”— https://github.com/zephyrproject-rtos/zephyr/pull/24154
πŸ”— https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-28
πŸ”— https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10022
πŸ”— https://github.com/zephyrproject-rtos/zephyr/pull/24065
πŸ”— https://github.com/zephyrproject-rtos/zephyr/pull/24066

Related Vulnerabilities

CVE-2017-129029.8

The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions.

CVE-2018-10008009.8

zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(), sys_ring_buf_get() that can...

CVE-2017-141999.8

A buffer overflow has been found in the Zephyr Project's getaddrinfo() implementation in 1.9.0 and 1.10.0.

CVE-2021-36259.6

Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more informa...