CVE-2023-0779 MEDIUM

CVE-2023-0779: net: shell: Improper input validation

Vendor Zephyrproject-Rtos
Product zephyr
Weakness CWE-20 · Input validation
Published May 30, 2023
Last update February 13, 2025

CVSS base score

6.7/10
Attack vector Adjacent
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H

What the vulnerability does

01Description

At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible.

Key dates

02Disclosure timeline

May 30, 2023 CVE published
February 13, 2025 Record updated