CVE-2026-10643
Severity CVSS v4.0:
Pending analysis
Type:
CWE-787
Out-of-bounds Write
Publication date:
28/06/2026
Last modified:
29/06/2026
Description
Zephyr's IP socket recvmsg() implementation (subsys/net/lib/sockets/sockets_inet.c, insert_pktinfo()) validated the user-supplied ancillary (msg_control) buffer using only the payload length (msg-msg_controllen
Impact
Base Score 3.x
8.70
Severity 3.x
HIGH



