CVE-2021-3510

Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
zephyrCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
zephyrprojectzephyr
1.14.0
zephyrprojectzephyr
1.14.0:rc1
zephyrprojectzephyr
1.14.0:rc2
zephyrprojectzephyr
1.14.0:rc3
zephyrprojectzephyr
1.14.1
zephyrprojectzephyr
1.14.1:rc1
zephyrprojectzephyr
1.14.1:rc2
zephyrprojectzephyr
1.14.1:rc3
zephyrprojectzephyr
1.14.2
zephyrprojectzephyr
1.14.3:rc1
zephyrprojectzephyr
1.14.3:rc2
zephyrprojectzephyr
2.5.0
zephyrprojectzephyr
2.5.0:rc1
zephyrprojectzephyr
2.5.0:rc2
zephyrprojectzephyr
2.5.0:rc3
zephyrprojectzephyr
2.5.0:rc4
zephyrprojectzephyr
2.5.1:rc1
zephyrprojectzephyr
2.6.0
zephyrprojectzephyr
2.6.0:rc1
zephyrprojectzephyr
2.6.0:rc2
zephyrprojectzephyr
2.6.0:rc3
zephyrprojectzephyr
2.6.1:rc1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4
http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4