CVE-2021-3436 Information

Jun 07, 2022 cve

Description

BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions >= 1.14.2 >= 2.4.0 >= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Reference

http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

LOW

Base Severity

6.5

Share on: