From 90b9809c6f5563c8a8f93310fa65fdb8f321bc06 Mon Sep 17 00:00:00 2001 From: Flavio Ceolin Date: Fri, 13 Oct 2023 14:20:24 -0700 Subject: [PATCH] doc: security: cve-2023-4257 left embargo Disclose information about cve-2023-4257. Signed-off-by: Flavio Ceolin --- doc/releases/release-notes-3.5.rst | 3 ++- doc/security/vulnerabilities.rst | 14 +++++++++++++- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/doc/releases/release-notes-3.5.rst b/doc/releases/release-notes-3.5.rst index 1cee2559413..f66ff4c2053 100644 --- a/doc/releases/release-notes-3.5.rst +++ b/doc/releases/release-notes-3.5.rst @@ -23,7 +23,8 @@ https://docs.zephyrproject.org/latest/security/vulnerabilities.html * CVE-2023-3725 `Zephyr project bug tracker GHSA-2g3m-p6c7-8rr3 `_ -* CVE-2023-4257: Under embargo until 2023-10-12 +* CVE-2023-4257 `Zephyr project bug tracker GHSA-853q-q69w-gf5j + `_ * CVE-2023-4258 `Zephyr project bug tracker GHSA-m34c-cp63-rwh7 `_ diff --git a/doc/security/vulnerabilities.rst b/doc/security/vulnerabilities.rst index 1261f50be89..669383e7d0f 100644 --- a/doc/security/vulnerabilities.rst +++ b/doc/security/vulnerabilities.rst @@ -1370,7 +1370,19 @@ This has been fixed in main for v3.5.0 CVE-2023-4257 ------------- -Under embargo until 2023/10/12 +Unchecked user input length in the Zephyr WiFi shell module can cause +buffer overflows. + +- `Zephyr project bug tracker GHSA-853q-q69w-gf5j + `_ + +This has been fixed in main for v3.5.0 + +- `PR 605377 fix for main + `_ + +- `PR 61383 fix for 3.4 + `_ CVE-2023-4258 -------------
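Review bot: In the release-notes-3.5.rst hunk, the disclosure is recorded only for 3.5, yet the vulnerabilities.rst hunk in the same patch lists "PR 61383 fix for 3.4". If a 3.4 maintenance release carries that backport, its release notes need the same CVE-2023-4257 entry so users who stay on 3.4 can tell which version contains the fix. The diffstat shows no other release-notes file touched.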
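Review bot: In the vulnerabilities.rst hunk, the link text "PR 605377 fix for main" has six digits while the backport next to it is "PR 61383", which suggests a typo in the PR number. Please check it against the link target and correct the label. Also, "This has been fixed in main for v3.5.0" does not mention the 3.4 backport listed just below it. Naming the affected versions and the fixed 3.4 release would let readers decide whether they need to upgrade. The summary "Unchecked user input length in the Zephyr WiFi shell module" would also be more useful for triage if it said which shell command or parameter is affected, provided the advisory gives that detail.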