Vulnerability Description
An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution (NCC-ZEP-031). This issue affects zephyrproject-rtos zephyr version 2.2.0 and later versions.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zephyrproject | Zephyr | <= 2.2.0 |
Related Weaknesses (CWE)
References
- https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-100 (Vendor Advisory)
- https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/11b7a37d9a0b4382 (Patch, Third Party Advisory)
- https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-secu (Third Party Advisory)
- https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-84 (Third Party Advisory)
FAQ
What is CVE-2020-10062?
CVE-2020-10062 is a vulnerability with a CVSS score of 9.0 (CRITICAL). An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution (NCC-ZEP-031). This issue affects zephyrproject-rtos zephyr versi...
How severe is CVE-2020-10062?
CVE-2020-10062 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-10062?
Check the references section above for vendor advisories and patch information. Affected products include: Zephyrproject Zephyr.