CVE-2021-3455
4.3
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions >= 2.4.0, >= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| zephyrproject-rtos | zephyr | 2.4.0 < unspecified | affected |
| zephyrproject-rtos | zephyr | 2.5.0 < unspecified | affected |
Weaknesses
- CWE-416: Use After Free (CWE-416)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.