CVE-2020-10019

Summary

USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. This could be used by a malicious USB host to exploit the buffer overflow. See NCC-ZEP-002 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.

Affected Software

VendorProductVersion RangeStatus
zephyrproject-rtoszephyr1.14.1 < unspecifiedaffected
zephyrproject-rtoszephyr2.1.0 < unspecifiedaffected

Weaknesses

  • CWE-120: CWE-120 Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

References