{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T11:56:44.525","vulnerabilities":[{"cve":{"id":"CVE-2020-10022","sourceIdentifier":"vulnerabilities@zephyrproject.org","published":"2020-05-11T23:15:11.457","lastModified":"2024-11-21T04:54:40.253","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case. See NCC-NCC-016 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions."},{"lang":"es","value":"Una carga útil JSON malformada que es recibida desde un servidor UpdateHub puede desencadenar una corrupción de la memoria en el Sistema Operativo Zephyr. Esto podría resultar en una denegación de servicio en el mejor de los casos, o una ejecución de código en el peor de los casos. Consulte NCC-NCC-016. Este problema afecta a: zephyrproject-rtos zephyr versión 2.1.0 y versiones posteriores. Versión 2.2.0 y versiones posteriores."}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","description":[{"lang":"en","value":"CWE-120"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"EF33DD80-0286-477C-88A4-FCEC0D80F520"},{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:2.2.0:*:*:*:*:*:*:*","matchCriteriaId":"677DD0A3-502D-45F1-9CC8-8DDB8F230DFC"}]}]}],"references":[{"url":"https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10022","source":"vulnerabilities@zephyrproject.org"},{"url":"https://github.com/zephyrproject-rtos/zephyr/pull/24065","source":"vulnerabilities@zephyrproject.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/zephyrproject-rtos/zephyr/pull/24066","source":"vulnerabilities@zephyrproject.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/zephyrproject-rtos/zephyr/pull/24154","source":"vulnerabilities@zephyrproject.org","tags":["Patch","Third Party Advisory"]},{"url":"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-28","source":"vulnerabilities@zephyrproject.org","tags":["Third Party Advisory"]},{"url":"https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10022","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/zephyrproject-rtos/zephyr/pull/24065","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/zephyrproject-rtos/zephyr/pull/24066","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/zephyrproject-rtos/zephyr/pull/24154","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-28","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}