CVE-2021-3436

Summary

BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions >= 1.14.2, >= 2.4.0, >= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63

Affected Software

VendorProductVersion RangeStatus
zephyrproject-rtoszephyr1.14.2 < unspecifiedaffected
zephyrproject-rtoszephyr2.4.0 < unspecifiedaffected
zephyrproject-rtoszephyr2.5.0 < unspecifiedaffected

Weaknesses

  • CWE-694: Use of Multiple Resources with Duplicate Identifier (CWE-694)

ADP Enrichment

CVE Program Container

Additional References

References