← back
CVE-2021-3625

Buffer overflow in Zephyr USB DFU DNLOAD

CVSS 9.6 CRITICALEPSS 2.3%CWE-122
Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
Affected products
zephyrproject-rtos · zephyr
public PoCs found1
githubgithub.com/szymonh/zephyr_cve-2021-36257
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363