mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-23 23:14:03 +02:00
0xMarcio
1005 B
1005 B
CVE-2020-10071
Description
The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
POC
Reference
- https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment
- https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-86
Github
No PoCs found on GitHub currently.