CVE-2026-5066
Out-of-Bounds Write in Zephyr RTOS Network Sockets TLS
Publication date: 2026-06-04
Last updated on: 2026-06-04
Assigner: Zephyr Project
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zephyrproject | zephyr | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds write and read issue in the TLS socket connect path of the network sockets subsystem. Specifically, when the TLS session cache is enabled, the functions tls_session_store() and tls_session_restore() use memcpy to copy data from a caller-supplied address into a fixed-size buffer. However, they do not validate the length of the data (addrlen) against the size of the destination buffer. Because the struct net_sockaddr is opaque, an application can supply an addrlen larger than the actual buffer size, causing memcpy to read and write beyond the intended memory boundaries.
This out-of-bounds memory access can lead to a crash, resulting in denial of service, and may also allow an attacker to execute arbitrary code.
How can this vulnerability impact me? :
The vulnerability can cause a system crash leading to denial of service, disrupting normal operations.
Additionally, because it involves out-of-bounds memory writes, it may allow an attacker to execute arbitrary code, potentially compromising system security and control.