CVE-2020-10022

Опубликовано: 11 мая 2020

Источник: nvd

CVSS3: 9

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case. See NCC-NCC-016 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions.

Ссылки

https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10022
https://github.com/zephyrproject-rtos/zephyr/pull/24065
Patch
Third Party Advisory
https://github.com/zephyrproject-rtos/zephyr/pull/24066
Patch
Third Party Advisory
https://github.com/zephyrproject-rtos/zephyr/pull/24154
Patch
Third Party Advisory
https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-28
Third Party Advisory
https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10022
https://github.com/zephyrproject-rtos/zephyr/pull/24065
Patch
Third Party Advisory
https://github.com/zephyrproject-rtos/zephyr/pull/24066
Patch
Third Party Advisory
https://github.com/zephyrproject-rtos/zephyr/pull/24154
Patch
Third Party Advisory
https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-28
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:zephyrproject:zephyr:2.1.0:*:*:*:*:*:*:*

cpe:2.3:o:zephyrproject:zephyr:2.2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.01697

Низкий

9 Critical

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-120

Связанные уязвимости

GHSA-cpxw-453r-hpg9

github

больше 3 лет назад

EPSS

Процентиль: 82%

0.01697

Низкий

9 Critical

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-120