CVEFinder.io

CVE-2026-1678

⛔ critical
Summary

dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled (default), a malicious DNS response can trigger an out-of-bounds write when CONFIG_DNS_RESOLVER is enabled.
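The stale-tailroom pattern from the summary, as an added illustration in C (not the affected project's source): `name_buf`, `unpack()`, `demo()` and the 8-byte capacity are hypothetical, the input name is constructed, and DNS name compression is ignored. With the cached value only the terminating NUL lands past the declared capacity; refreshing the tailroom before each label rejects the name instead.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CAP   8   /* declared capacity of the (hypothetical) name buffer */
#define GUARD 8   /* canary bytes behind it, so an overrun is observable, not UB */

struct name_buf { uint8_t mem[CAP + GUARD]; size_t len; };
static int last_rc;   /* return code of the most recent demo() run */
static size_t tailroom(const struct name_buf *b) { return CAP - b->len; }

/* Unpack uncompressed <len><bytes> labels into a dotted, NUL-terminated name.
 * recheck == 0 reproduces the flaw: tailroom is read once and reused. */
static int unpack(struct name_buf *b, const uint8_t *wire, size_t n, int recheck)
{
    size_t room = tailroom(b), pos = 0;           /* cached before any append */
    while (pos < n && wire[pos] != 0) {
        size_t l = wire[pos++];
        size_t need = l + (b->len ? 1 : 0) + 1;   /* label + '.' + final NUL */
        if (pos + l > n) return -1;               /* label runs off the message */
        if (recheck) room = tailroom(b);          /* the fix: refresh per label */
        if (need > room) return -1;
        if (b->len + need > sizeof b->mem) return -1;  /* demo-only hard stop */
        if (b->len) b->mem[b->len++] = '.';
        memcpy(&b->mem[b->len], &wire[pos], l);
        b->len += l; pos += l;
    }
    b->mem[b->len] = '\0';
    return 0;
}

/* Runs a constructed name ("abcd.efg", 8 chars + NUL = 9 bytes > CAP) and
 * returns how many canary bytes past CAP were overwritten. */
static size_t demo(int recheck)
{
    static const uint8_t wire[] = { 4,'a','b','c','d', 3,'e','f','g', 0 };
    struct name_buf b;
    size_t hit = 0;
    memset(b.mem, 0xAA, sizeof b.mem);
    b.len = 0;
    last_rc = unpack(&b, wire, sizeof wire, recheck);
    for (size_t i = CAP; i < sizeof b.mem; i++) hit += (b.mem[i] != 0xAA);
    return hit;
}
int main(void)
{
    printf("past CAP: stale=%zu recheck=%zu\n", demo(0), demo(1));
    return 0;
}
```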

CVSS Score: 9.4 (Critical)
EPSS Score: 0.1 (Exploit Probability)
Published Date: 2026-03-05
First Seen: 2026-03-06
📊 Relative Risk Intelligence

This CVE is Very High Risk - more severe than 90.2% of all 330,193 vulnerabilities in our database.

Severity Percentile: #32,266 (Top 10% most severe)
🎯 CISA SSVC Assessment (Updated: Mar 5, 2026)
🔍 Exploitation Status: PoC (Proof-of-concept available)
⚙️ Automatable: YES (Can be exploited automatically)
💥 Technical Impact: Total (Complete system compromise possible)
SSVC data provided by CISA
Last Modified: 2026-03-09
CVSS Vector 3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
CWE IDs (Weakness Types)

📦 Affected Products 1

🔗 References 1

🔗 Related CVEs 6

CVE ID | Severity | CVSS | EPSS | Summary | Published
CVE-2026-10641 | ⚠️ high | 7.1 | 0.2 | Zephyr's Bluetooth Classic Hands-Free Profile (HFP) Hands-Free role parser (subsys/bluetooth/host/classic/hfp_hf.c) cont... | 2026-06-17
CVE-2026-10635 | 🔶 medium | 6.3 | 0.1 | On Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU, the page-table code (arch/xtensa/core/ptables.c) maintain... | 2026-06-16
CVE-2026-10640 | 🔶 medium | 4.2 | 0.1 | Zephyr's IPv6 Neighbor Discovery send paths (net_ipv6_send_na, net_ipv6_send_ns, net_ipv6_send_rs in subsys/net/ip/ipv6_... | 2026-06-16
CVE-2026-1679 | ⚠️ high | 7.3 | 0.1 | The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking available space; ove... | 2026-03-28
CVE-2026-0849 | ℹ️ low | 3.8 | 0.0 | Malformed ATAES132A responses with an oversized length field overflow a 52-byte stack buffer in the Zephyr crypto driver... | 2026-03-16
CVE-2026-4179 | 🔶 medium | 6.1 | 0.0 | Issues in stm32 USB device driver (drivers/usb/device/usb_dc_stm32.c) can lead to an infinite while loop. | 2026-03-16
These CVEs affect the same products