CVE-2021-3436
4.3
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions >= 1.14.2, >= 2.4.0, >= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| zephyrproject-rtos | zephyr | 1.14.2 < unspecified | affected |
| zephyrproject-rtos | zephyr | 2.4.0 < unspecified | affected |
| zephyrproject-rtos | zephyr | 2.5.0 < unspecified | affected |
Weaknesses
- CWE-694: Use of Multiple Resources with Duplicate Identifier (CWE-694)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.