.. _vulnerabilities_2017: CVE-2017 ######## :cve:`2017-14199` ----------------- Buffer overflow in :code:`getaddrinfo()`. - `Zephyr project bug tracker ZEPSEC-12 `_ - `PR6158 fix for 1.11.0 `_ :cve:`2017-14201` ----------------- The shell DNS command can cause unpredictable results due to misuse of stack variables. Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This has been fixed in release v1.14.0. - `Zephyr project bug tracker ZEPSEC-17 `_ - `PR13260 fix for v1.14.0 `_ :cve:`2017-14202` ----------------- The shell implementation does not protect against buffer overruns resulting in unpredictable behavior. Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This has been fixed in release v1.14.0. - `Zephyr project bug tracker ZEPSEC-18 `_ - `PR13048 fix for v1.14.0 `_