zephyrproject-rtos — Vulnerabilities & Security Advisories 119

Browse all 119 CVE security advisories affecting zephyrproject-rtos. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Zephyr Project is an open-source real-time operating system designed for constrained, resource-limited devices, primarily serving the Internet of Things and embedded systems sectors. It supports diverse hardware architectures, enabling developers to build secure, scalable applications for wearables, medical devices, and industrial sensors. Historically, the codebase has exhibited vulnerabilities typical of complex C-based systems, including buffer overflows, use-after-free errors, and improper input validation, which can lead to remote code execution or privilege escalation. While no single catastrophic incident has defined its history, the high volume of recorded CVEs highlights the challenges of maintaining security in a rapidly evolving, community-driven project. The RTOS relies on rigorous code review and automated testing to mitigate risks, yet its widespread adoption in critical infrastructure necessitates continuous vigilance against exploitation of memory safety flaws and configuration weaknesses.

Top products by zephyrproject-rtos: zephyr

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2021-3320 | Type Confusion in 802154 ACK Frames Handling — zephyr | CWE-476 | 5.9 | Medium | 2021-05-24 |
| CVE-2020-13603 | Integer Overflow in memory allocating functions — zephyr | CWE-190 | 6.9 | Medium | 2021-05-24 |
| CVE-2020-13601 | Possible read out of bounds in dns read — zephyr | CWE-125 | 9.0 | Critical | 2021-05-24 |
| CVE-2020-13602 | Remote Denial of Service in LwM2M do_write_op_tlv — zephyr | CWE-20 | 4.0 | Medium | 2021-05-24 |
| CVE-2020-13600 | Malformed SPI in response for eswifi can corrupt kernel memory — zephyr | CWE-122 | 7.0 | High | 2021-05-24 |
| CVE-2020-13598 | FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat — zephyr | CWE-121 | 6.3 | Medium | 2021-05-24 |
| CVE-2020-13599 | Security problem with settings and littlefs — zephyr | CWE-276 | 3.3 | Low | 2021-05-24 |
| CVE-2020-10072 | Improper Handling of Insufficient Permissions or Privileges in zephyr — zephyr | CWE-280 | 5.9 | Medium | 2021-05-24 |
| CVE-2020-10066 | Incorrect Error Handling in Bluetooth HCI core — zephyr | CWE-476 | 2.5 | Low | 2021-05-24 |
| CVE-2020-10069 | Zephyr Bluetooth unchecked packet data results in denial of service — zephyr | CWE-233 | 4.3 | Medium | 2021-05-24 |
| CVE-2020-10065 | Missing Size Checks in Bluetooth HCI over SPI — zephyr | CWE-130 | 3.8 | Low | 2021-05-24 |
| CVE-2020-10064 | Improper Input Frame Validation in ieee802154 Processing — zephyr | CWE-121 | 8.3 | High | 2021-05-24 |
| CVE-2020-10071 | Insufficient publish message length validation in MQTT — zephyr | CWE-120 | 9.0 | Critical | 2020-06-05 |
| CVE-2020-10061 | Error handling invalid packet sequence — zephyr | CWE-119 | 8.1 | High | 2020-06-05 |
| CVE-2020-10062 | Packet length decoding error in MQTT — zephyr | CWE-193 | 9.0 | Critical | 2020-06-05 |
| CVE-2020-10063 | Remote Denial of Service in CoAP Option Parsing Due To Integer Overflow — zephyr | CWE-190 | 6.8 | Medium | 2020-06-05 |
| CVE-2020-10068 | Zephyr Bluetooth DLE duplicate requests vulnerability — zephyr | CWE-20 | 5.1 | Medium | 2020-06-05 |
| CVE-2020-10070 | MQTT buffer overflow on receive buffer — zephyr | CWE-120 | 9.0 | Critical | 2020-06-05 |
| CVE-2020-10060 | UpdateHub Might Dereference An Uninitialized Pointer — zephyr | CWE-119 | 8.0 | High | 2020-05-11 |
| CVE-2020-10067 | Integer Overflow In is_in_region Allows User Thread To Access Kernel Memory — zephyr | CWE-190 | 7.5 | High | 2020-05-11 |
| CVE-2020-10058 | Multiple Syscalls In kscan Subsystem Performs No Argument Validation — zephyr | CWE-20 | 7.8 | High | 2020-05-11 |
| CVE-2020-10059 | UpdateHub Module Explicitly Disables TLS Verification — zephyr | CWE-295 | 4.8 | Medium | 2020-05-11 |
| CVE-2020-10027 | ARC Platform Uses Signed Integer Comparison When Validating Syscall Numbers — zephyr | CWE-697 | 7.8 | High | 2020-05-11 |
| CVE-2020-10028 | Multiple Syscalls In GPIO Subsystem Performs No Argument Validation — zephyr | CWE-20 | 7.8 | High | 2020-05-11 |
| CVE-2020-10024 | ARM Platform Uses Signed Integer Comparison When Validating Syscall Numbers — zephyr | CWE-697 | 7.8 | High | 2020-05-11 |
| CVE-2020-10023 | Shell Subsystem Contains a Buffer Overflow Vulnerability In shell_spaces_trim — zephyr | CWE-120 | 6.9 | Medium | 2020-05-11 |
| CVE-2020-10021 | Out-of-bounds write in USB Mass Storage with unaligned sizes — zephyr | CWE-787 | 8.1 | High | 2020-05-11 |
| CVE-2020-10022 | UpdateHub Module Copies a Variable-Size Hash String Into a Fixed-Size Array — zephyr | CWE-120 | 9.0 | Critical | 2020-05-11 |
| CVE-2020-10019 | Buffer Overflow in USB DFU requested length — zephyr | CWE-120 | 8.1 | High | 2020-05-11 |

This page lists every published CVE security advisory associated with zephyrproject-rtos. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.