bartoszek/zephyr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

doc: security: cve-2023-4257 left embargo

Browse Source 
Disclose information about cve-2023-4257.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This commit is contained in:
Flavio Ceolin 2023-10-13 14:20:24 -07:00 committed by Johan Hedberg
parent 52cf7e6fdf
commit 90b9809c6f
2 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
doc/releases/release-notes-3.5.rst
View File

@ -23,7 +23,8 @@ https://docs.zephyrproject.org/latest/security/vulnerabilities.html
* CVE-2023-3725 `Zephyr project bug tracker GHSA-2g3m-p6c7-8rr3
<https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-2g3m-p6c7-8rr3>`_
* CVE-2023-4257: Under embargo until 2023-10-12
* CVE-2023-4257 `Zephyr project bug tracker GHSA-853q-q69w-gf5j
<https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-853q-q69w-gf5j>`_
* CVE-2023-4258 `Zephyr project bug tracker GHSA-m34c-cp63-rwh7
<https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-m34c-cp63-rwh7>`_

14
doc/security/vulnerabilities.rst
View File

@ -1370,7 +1370,19 @@ This has been fixed in main for v3.5.0
CVE-2023-4257
-------------
Under embargo until 2023/10/12
Unchecked user input length in the Zephyr WiFi shell module can cause
buffer overflows.
- `Zephyr project bug tracker GHSA-853q-q69w-gf5j
<https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-853q-q69w-gf5j>`_
This has been fixed in main for v3.5.0
- `PR 605377 fix for main
<https://github.com/zephyrproject-rtos/zephyr/pull/605377>`_
- `PR 61383 fix for 3.4
<https://github.com/zephyrproject-rtos/zephyr/pull/61383>`_
CVE-2023-4258
-------------