CVE-2021-3581 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7 HIGH	PHYSICAL	HIGH	NONE	CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
zephyr	CNA	7 HIGH	PHYSICAL	HIGH	NONE	CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 36%

Vendor	Product	Version
zephyrproject	zephyr	2.5.0 ≤ 𝑥 < 2.6.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-805 - Buffer Access with Incorrect Length Value
The software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer.
CWE-1284 - Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

References

http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5

http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5