Description
A malicious BLE device can cause a buffer overflow by sending a malformed advertising packet to a BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device.
References (1)
Core References
Third Party Advisory
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j4qm-xgpf-qjw3
Scores
CVSS v3
8.3
EPSS
0.0014
EPSS Percentile
32.9%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Details
CWE
CWE-190
CWE-120
Status
published
Products (1)
zephyrproject/zephyr
< 3.4.0
Published
Nov 21, 2023
Tracked Since
Feb 18, 2026