CVE-2020-10019

Description

USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. This could be used by a malicious USB host to exploit the buffer overflow. See NCC-ZEP-002 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected products

zephyrproject-rtos / Zephyr1.14.1 – unspecified
zephyrproject-rtos / Zephyr2.1.0 – unspecified

References

MISChttps://zephyrprojectsec.atlassian.net/browse/ZEPSEC-25
PATCHhttps://github.com/zephyrproject-rtos/zephyr/pull/23190
PATCHhttps://github.com/zephyrproject-rtos/zephyr/pull/23457
PATCHhttps://github.com/zephyrproject-rtos/zephyr/pull/23460
MISChttps://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10019