L2CAP: Stack based buffer overflow in le_ecred_conn_req()

Moderate

d3zd3z published GHSA-8w87-6rfp-cfrm

Jun 21, 2021

Package

zephyr (west)

Affected versions

>=2.5.0

Patched versions

2.6.0

Description

Impact

L2CAP: Stack based buffer overflow in le_ecred_conn_req

Patches

This has been fixed in:

main #33305
v2.5: #33419
v2.4: #33418
v1.14: TBD

For more information

If you have any questions or comments about this advisory:

Open an issue in zephyr
Email us at Zephyr-vulnerabilities

embargo: 2021-06-11
zepsec: ZEPSEC-136

Severity

Moderate

4.9

/ 10

CVSS base metrics

Attack vector

Local

Attack complexity

High

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L