CVE-2021-3436

Опубликовано: 05 окт. 2021

Источник: nvd

CVSS3: 4.3

CVSS3: 6.5

CVSS2: 6.4

EPSS Низкий

Описание

BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions >= 1.14.2, >= 2.4.0, >= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63

Ссылки

http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63
Exploit
Patch
Third Party Advisory
http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:zephyrproject:zephyr:1.14.2:*:*:*:*:*:*:*

cpe:2.3:o:zephyrproject:zephyr:2.4.0:*:*:*:*:*:*:*

cpe:2.3:o:zephyrproject:zephyr:2.5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 54%

0.00315

Низкий

4.3 Medium

CVSS3

6.5 Medium

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-694

NVD-CWE-Other

EPSS

Процентиль: 54%

0.00315

Низкий

4.3 Medium

CVSS3

6.5 Medium

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-694

NVD-CWE-Other