CVE-2023-4424

An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device.

Published: Nov 21, 2023
Updated: Nov 30, 2023
CVE: CVE-2023-4424
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-120

Affected Software
References

Software	From	Fixed in
zephyrproject / zephyr	-	3.4.0.x

https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j4qm-xgpf-qjw3

Vulnerability Database

289,697

CVE-2023-4424