Buffer Under-read Affecting zephyrproject-rtos/zephyr package, versions [4.0.0-rc1,4.0.0-rc2)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-UNMANAGED-ZEPHYRPROJECTRTOSZEPHYR-8685143
- published3 Feb 2025
- disclosed3 Feb 2025
- creditJonas Spinner
Introduced: 3 Feb 2025
NewCVE-2024-10395 (opens in a new tab)Common Vulnerabilities and Exposures (CVE) are common identifiers for publicly known security vulnerabilities
Common Weakness Enumeration (CWE) is a category system for software weaknesses
How to fix?
Upgrade zephyrproject-rtos/zephyr to version 4.0.0-rc2 or higher.
Overview
Affected versions of this package are vulnerable to Buffer Under-read in the http_server_get_content_type_from_extension() function.