Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2020-10071
PUBLISHED
More InfoOfficial Page
Assigner-zephyr
Assigner Org ID-e2e69745-5e70-4e92-8431-deb5529a81ad
View Known Exploited Vulnerability (KEV) details
Published At-05 Jun, 2020 | 17:37
Updated At-17 Sep, 2024 | 04:19
Rejected At-
▼CVE Numbering Authority (CNA)
Insufficient publish message length validation in MQTT

The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.

Affected Products
Vendor
Zephyr Projectzephyrproject-rtos
Product
zephyr
Versions
Affected
  • From 2.2.0 before unspecified (custom)
Problem Types
TypeCWE IDDescription
CWECWE-120CWE-120 Buffer Overflow
CWECWE-129CWE-129 Improper Validation of Array Index
Type: CWE
CWE ID: CWE-120
Description: CWE-120 Buffer Overflow
Type: CWE
CWE ID: CWE-129
Description: CWE-129 Improper Validation of Array Index
Metrics
VersionBase scoreBase severityVector
3.19.0CRITICAL
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 9.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
NCC Group for report
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment
x_refsource_MISC
https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-86
x_refsource_MISC
https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10071
x_refsource_MISC
https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/989c4713ba429aa5105fe476b4d629718f3e6082
x_refsource_MISC
Hyperlink: https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment
Resource:
x_refsource_MISC
Hyperlink: https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-86
Resource:
x_refsource_MISC
Hyperlink: https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10071
Resource:
x_refsource_MISC
Hyperlink: https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/989c4713ba429aa5105fe476b4d629718f3e6082
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment
x_refsource_MISC
x_transferred
https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-86
x_refsource_MISC
x_transferred
https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10071
x_refsource_MISC
x_transferred
https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/989c4713ba429aa5105fe476b4d629718f3e6082
x_refsource_MISC
x_transferred
Hyperlink: https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-86
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10071
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/989c4713ba429aa5105fe476b4d629718f3e6082
Resource:
x_refsource_MISC
x_transferred
Details not found