CVE-2023-6249— ipm: signed to unsigned conversion problem in esp32_ipm_send
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-6249
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ipm: signed to unsigned conversion problem in esp32_ipm_send
Source: NVD (National Vulnerability Database)
Vulnerability Description
Signed to unsigned conversion esp32_ipm_send
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
不正确的类型转换
Source: NVD (National Vulnerability Database)
Vulnerability Title
zephyr 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Zephyr是Zephyr Project开源的一个可扩展的实时操作系统 (RTOS)。 zephyr 3.5及之前版本存在安全漏洞,该漏洞源于esp32_ipm_send 中的有符号到无符号转换问题。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr | * ~ 3.5 | - |
II. Public POCs for CVE-2023-6249
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-6249
请登录查看更多情报信息。
Same Patch Batch · zephyrproject-rtos · 2024-02-18 · 3 CVEs total
| CVE-2023-6749 | 8.0 HIGH | Unchecked user input length in the Zephyr Settings Shell |
| CVE-2023-5779 | 4.4 MEDIUM | can: out of bounds in remove_rx_filter function |
IV. Related Vulnerabilities
Same product: Zephyr
- CVE-2026-1677
net: TLS 1.2 connections allowed on TLS 1.3 sockets - CVE-2026-5590
net: ip/tcp: Null pointer dereference can be triggered by a - CVE-2026-1679
net: eswifi socket send payload length not bounded - CVE-2026-4179
stm32: usb: Infinite while loop in Interrupt Handler - CVE-2026-0849
crypto: ATAES132A response length allows stack buffer overfl
Same vendor: zephyrproject-rtos
- CVE-2026-1677
net: TLS 1.2 connections allowed on TLS 1.3 sockets - CVE-2026-5590
net: ip/tcp: Null pointer dereference can be triggered by a - CVE-2026-1679
net: eswifi socket send payload length not bounded - CVE-2026-4179
stm32: usb: Infinite while loop in Interrupt Handler - CVE-2026-0849
crypto: ATAES132A response length allows stack buffer overfl
Same weakness: CWE-704
- CVE-2026-42576
apko `DiscoverKeys` has a panic on non-rsa jwks key that cau - CVE-2026-40613
Coturn: Misaligned Memory Access in coturn STUN Attribute Pa - CVE-2026-34379
OpenEXR has a misaligned write in LossyDctDecoder_execute le - CVE-2021-4456
Net::CIDR versions before 0.24 for Perl mishandle leading ze - CVE-2025-40541
SolarWinds Serv-U Insecure Direct Object Reference (IDOR) Re
V. Comments for CVE-2023-6249
No comments yet