Vulnerability Description
In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution (NCC-ZEP-031). This issue affects zephyrproject-rtos zephyr version 2.2.0 and later versions.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zephyrproject | Zephyr | <= 2.2.0 |
Related Weaknesses (CWE)
References
- https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-100 (Vendor Advisory)
- https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/0b39cbf3c01d7fee (Patch, Third Party Advisory)
- https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-secu (Third Party Advisory)
- https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85 (Third Party Advisory)
FAQ
What is CVE-2020-10070?
CVE-2020-10070 is a vulnerability with a CVSS score of 9.0 (CRITICAL). In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution (NCC-ZEP-031). This issue affects zephyrproject-rtos zephyr version 2.2.0 an...
How severe is CVE-2020-10070?
CVE-2020-10070 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-10070?
Check the references section above for vendor advisories and patch information. Affected products include: Zephyrproject Zephyr.