Headline
CVE-2021-3434
Stack-based buffer overflow in le_ecred_conn_req(). Zephyr versions >= v2.5.0 contain a Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm
L2CAP: Stack based buffer overflow in le_ecred_conn_req()
Moderate
d3zd3z published GHSA-8w87-6rfp-cfrm
Jun 21, 2021
Affected versions
>=2.5.0
Description
Impact
L2CAP: Stack-based buffer overflow in le_ecred_conn_req()
Patches
This has been fixed in:
- main #33305
- v2.5: #33419
- v2.4: #33418
- v1.14: TBD
For more information
If you have any questions or comments about this advisory:
- Open an issue in zephyr
- Email us at Zephyr-vulnerabilities
embargo: 2021-06-11
zepsec: ZEPSEC-136
Severity
CVSS base metrics
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Related news
CVE-2023-5055: L2CAP: Possible Stack based buffer overflow in le_ecred_reconf_req()
Possible variant of CVE-2021-3434 in function le_ecred_reconf_req.