CVE-2021-3510

7.5 HIGH

Zephyr JSON decoder incorrectly decodes array of array

Published: 2021-10-05 · Last updated: 2026-06-17

Severity and scoring

CVSS: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-588

Affected products

Vendor	Product
zephyrproject	zephyr

Description

Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4

Source: NVD

References

Related CVEs

Same vendor

CVE-2026-10635 — On Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU, the page-table code (arch/xtensa/core/ptables.c) maintains a global list, ... (6.3 MEDIUM)
CVE-2021-3455 — Disconnecting L2CAP channel right after invalid ATT request leads freeze (4.3 MEDIUM)
CVE-2021-3454 — Truncated L2CAP K-frame causes assertion failure (4.3 MEDIUM)
CVE-2021-3330 — RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr (7.1 HIGH)
CVE-2021-3323 — Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr (8.3 HIGH)

Same CWE

CVE-2021-3319 — DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses (6.5 MEDIUM)