CVE-2023-3725

7.6 HIGH

📋 TL;DR

A buffer overflow vulnerability exists in the Zephyr RTOS CAN bus subsystem, allowing attackers to execute arbitrary code or cause denial of service. This affects embedded systems and IoT devices running vulnerable Zephyr versions with CAN bus functionality enabled.

💻 Affected Systems

Products:
  • Zephyr RTOS
Versions: Zephyr RTOS 3.x.0 releases
Operating Systems: Zephyr RTOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with CAN bus subsystem enabled and configured

⚠️ Risk & Real-World Impact

  • 🔴 Worst Case: Remote code execution leading to complete device compromise, data exfiltration, or device bricking
  • 🟠 Likely Case: Denial of service causing device crashes or instability in CAN bus communications
  • 🟢 If Mitigated: Limited impact if CAN bus is isolated from untrusted networks and proper input validation is implemented

🌐 Internet-Facing: MEDIUM - Requires CAN bus exposure to untrusted networks, which is less common but possible in industrial IoT
🏢 Internal Only: HIGH - CAN bus networks often lack segmentation, allowing lateral movement if compromised

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires CAN bus access and knowledge of target system architecture

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Zephyr RTOS 3.2.0 and later

Vendor Advisory: https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-2g3m-p6c7-8rr3

Restart Required: Yes

Instructions:

  1. Update Zephyr RTOS to version 3.2.0 or later.
  2. Rebuild and redeploy firmware.
  3. Restart affected devices.

🔧 Temporary Workarounds

Workaround: Disable CAN bus subsystem
Applies to: all
Description: Disable CAN bus functionality if not required
How: Set CONFIG_CAN=n in prj.conf or Kconfig

Workaround: Implement CAN bus network segmentation
Applies to: all
Description: Isolate CAN bus networks from untrusted networks

🧯 If You Can't Patch

  • Implement strict CAN bus message filtering and validation
  • Deploy network monitoring for anomalous CAN bus traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check the Zephyr version and whether the CAN subsystem is enabled in the build configuration: grep -rn 'CONFIG_CAN=y' . && cat VERSION

Check Version:

cat VERSION

Verify Fix Applied:

Verify the Zephyr version is 3.2.0 or later. Zephyr's top-level VERSION file holds key = value lines (VERSION_MAJOR, VERSION_MINOR, PATCHLEVEL) rather than a bare version string, so match those fields: awk -F'=' '/^VERSION_MAJOR/{M=$2+0} /^VERSION_MINOR/{m=$2+0} END{exit !(M>3 || (M==3 && m>=2))}' VERSION && echo "3.2.0 or later"

📡 Detection & Monitoring

Log Indicators:

  • CAN bus subsystem crashes
  • Memory corruption errors
  • Unexpected device reboots

Network Indicators:

  • Unusual CAN bus message patterns
  • Malformed CAN frames
  • Excessive CAN bus traffic

SIEM Query:

source="can_bus_logs" AND (event_type="crash" OR message="buffer overflow")
