CVE-2017-14201

Опубликовано: 29 авг. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 4.6

EPSS Низкий

Описание

Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all.

Ссылки

https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html
Release Notes
Vendor Advisory
https://github.com/zephyrproject-rtos/zephyr/pull/13260
Patch
Third Party Advisory
https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-17
Broken Link
https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html
Release Notes
Vendor Advisory
https://github.com/zephyrproject-rtos/zephyr/pull/13260
Patch
Third Party Advisory
https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-17
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*

Версия до 1.14.0 (исключая)

EPSS

Процентиль: 71%

0.00698

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-416

Связанные уязвимости

GHSA-v422-67vr-jrj5