Shell Subsystem Contains a Buffer Overflow Vulnerability In shell_spaces_trim

Description

The shell subsystem contains a buffer overflow in shell_spaces_trim. An adversary with physical access to the device can cause memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel.

See NCC-NCC-019

Environment

None

Activity

David Brown
March 4, 2020, 9:29 PM

This can be exploited externally (and fairly easily), therefore I’m changing this to High.

Flavio Ceolin
March 5, 2020, 7:49 PM

David Brown
March 5, 2020, 9:39 PM

Code owners notified.

Assignee

David Brown

Reporter

David Brown

Labels

None

Authorized viewers

Jeremy Boone

CVE

CVE-2020-10023

Embargo Lift

2020/05/01

Components

Fix versions

Affects versions

Priority

High