CVE-2020-13602

Description

Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions >= 1.14.2, >= 2.2.0 contain Improper Input Validation (CWE-20), Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh

Affected Software
References

Software	From	Fixed in
zephyrproject / zephyr	-	1.14.2.x
zephyrproject / zephyr	2.0.0	2.2.0.x

http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh

Severity: Medium

CVE: CVE-2020-13602
Published: May 25, 2021
Updated: Apr 13, 2023
Exploit:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:N/I:N/A:P

CWE-20
CWE-835

CVE-2020-13602

Description

Details

CVSS v3

CVSS v2

CWEs