CVE-2023-4424
HIGH
Zephyr < 3.4.0 - Buffer Overflow via Malformed BLE Advertising Packet
Title source: llm
Description
A malicious BLE device can cause a buffer overflow by sending a malformed advertising packet to a BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device.
References (1)
Core References
Third Party Advisory
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j4qm-xgpf-qjw3
Scores
CVSS v3
8.3
EPSS
0.0039
EPSS Percentile
30.8%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Details
CWE
CWE-120
CWE-190
Status
published
Products (1)
zephyrproject/zephyr
< 3.4.0
Published
Nov 21, 2023
Tracked Since
Feb 18, 2026