Zephyrproject: >> Zephyr >> 3.7.0 Security Vulnerabilities
A malicious or malformed DNS packet without a payload can cause an out-of-bounds read, resulting in a crash (denial of service) or an incorrect computation.
CVSS Score
8.2
EPSS Score
0.002
Published
2025-02-25
No proper validation of the length of user input in http_server_get_content_type_from_extension.
CVSS Score
8.6
EPSS Score
0.003
Published
2025-02-03
No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-12-16
When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols.
CVSS Score
9.3
EPSS Score
0.0
Published
2024-11-15
Page 2