CVE-2024-4785 - Vulnerability Details - OpenCVE

BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00218.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Zephyrproject Subscribe	Zephyr Subscribe

Configuration 1 [-]

cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-44378	BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xcr5-5g98-mchp

History

Wed, 17 Sep 2025 14:30:00 +0900

Type	Values Removed	Values Added
Weaknesses	CWE-20

Tue, 04 Feb 2025 05:15:00 +0900

Type	Values Removed	Values Added
First Time appeared		Zephyrproject Zephyrproject zephyr
CPEs		cpe:2.3:o:zephyrproject:zephyr::::::::
Vendors & Products		Zephyrproject Zephyrproject zephyr

Fri, 23 Aug 2024 00:30:00 +0900

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 20 Aug 2024 07:15:00 +0900

Type	Values Removed	Values Added
Description		BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero
Title		BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero
Weaknesses		CWE-20 CWE-369
References		https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xcr5-5g98-mchp
Metrics		cvssV3_1 `{'score': 7.6, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: zephyr

Published: 2024-08-19T22:10:05.249Z

Updated: 2025-09-17T05:02:14.495Z

Reserved: 2024-05-10T19:03:31.098Z

Link: CVE-2024-4785

Vulnrichment

Updated: 2024-08-22T14:27:56.528Z

NVD

Status : Modified

Published: 2024-08-19T22:15:05.893

Modified: 2025-09-17T05:15:31.443

Link: CVE-2024-4785

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-369

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4785", "assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad", "state": "PUBLISHED", "assignerShortName": "zephyr", "dateReserved": "2024-05-10T19:03:31.098Z", "datePublished": "2024-08-19T22:10:05.249Z", "dateUpdated": "2025-09-17T05:02:14.495Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "Zephyr", "product": "Zephyr", "repo": "https://github.com/zephyrproject-rtos/zephyr", "vendor": "zephyrproject-rtos", "versions": [{"lessThanOrEqual": "3.6", "status": "affected", "version": "*", "versionType": "git"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero"}], "value": "BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-369", "description": "Divide By Zero", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad", "shortName": "zephyr", "dateUpdated": "2025-09-17T05:02:14.495Z"}, "references": [{"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xcr5-5g98-mchp"}], "source": {"discovery": "UNKNOWN"}, "title": "BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-22T14:27:50.440384Z", "id": "CVE-2024-4785", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-22T14:28:01.854Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4785", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-22T14:27:50.440384Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-22T14:27:56.528Z"}}], "cna": {"title": "BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/zephyrproject-rtos/zephyr", "vendor": "zephyrproject-rtos", "product": "Zephyr", "versions": [{"status": "affected", "version": "*", "versionType": "git", "lessThanOrEqual": "3.6"}], "packageName": "Zephyr", "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xcr5-5g98-mchp"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero", "supportingMedia": [{"type": "text/html", "value": "BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-369", "description": "Divide By Zero"}]}], "providerMetadata": {"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad", "shortName": "zephyr", "dateUpdated": "2025-09-17T05:02:14.495Z"}}}, "cveMetadata": {"cveId": "CVE-2024-4785", "state": "PUBLISHED", "dateUpdated": "2025-09-17T05:02:14.495Z", "dateReserved": "2024-05-10T19:03:31.098Z", "assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad", "datePublished": "2024-08-19T22:10:05.249Z", "assignerShortName": "zephyr"}, "dataVersion": "5.1"}