CVE-2021-3581

7.0 HIGH

Buffer Access with Incorrect Length Value in zephyr

Published: 2021-10-05 · Last updated: 2026-06-17

Severity and scoring

CVSS: 7.0 HIGH
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CWE: CWE-1284, CWE-805

Affected products

Vendor	Product
zephyrproject	zephyr

Description

Buffer Access with Incorrect Length Value in zephyr. Zephyr versions >= >=2.5.0 contain Buffer Access with Incorrect Length Value (CWE-805). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5

Source: NVD

References

Related CVEs

Same vendor

CVE-2026-10635 — On Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU, the page-table code (arch/xtensa/core/ptables.c) maintains a global list, ... (6.3 MEDIUM)
CVE-2021-3455 — Disconnecting L2CAP channel right after invalid ATT request leads freeze (4.3 MEDIUM)
CVE-2021-3454 — Truncated L2CAP K-frame causes assertion failure (4.3 MEDIUM)
CVE-2021-3330 — RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr (7.1 HIGH)
CVE-2021-3323 — Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr (8.3 HIGH)

Same CWE

CVE-2026-1767 — A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component (5.6 MEDIUM)
CVE-2026-1766 — A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 com... (5.6 MEDIUM)
CVE-2026-12087 — Socket versions before 2.041 for Perl have an out-of-bounds heap read (9.1 CRITICAL)
CVE-2026-49110 — Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions (7.5 HIGH)
CVE-2026-49078 — Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions (7.5 HIGH)