doc: security: cve-2023-4257 left embargo

Disclose information about cve-2023-4257. Signed-off-by: Flavio Ceolin <[email protected]>
zephyrproject-rtos · Oct 14, 2023 · 90b9809 · 90b9809
1 parent 52cf7e6
commit 90b9809
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 2 deletions.
diff --git a/doc/releases/release-notes-3.5.rst b/doc/releases/release-notes-3.5.rst
@@ -23,7 +23,8 @@ https://docs.zephyrproject.org/latest/security/vulnerabilities.html
 * CVE-2023-3725 `Zephyr project bug tracker GHSA-2g3m-p6c7-8rr3
   <https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-2g3m-p6c7-8rr3>`_
 
-* CVE-2023-4257: Under embargo until 2023-10-12
+* CVE-2023-4257 `Zephyr project bug tracker GHSA-853q-q69w-gf5j
+  <https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-853q-q69w-gf5j>`_
 
 * CVE-2023-4258 `Zephyr project bug tracker GHSA-m34c-cp63-rwh7
   <https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-m34c-cp63-rwh7>`_

diff --git a/doc/security/vulnerabilities.rst b/doc/security/vulnerabilities.rst
@@ -1370,7 +1370,19 @@ This has been fixed in main for v3.5.0
 CVE-2023-4257
 -------------
 
-Under embargo until 2023/10/12
+Unchecked user input length in the Zephyr WiFi shell module can cause
+buffer overflows.
+
+- `Zephyr project bug tracker GHSA-853q-q69w-gf5j
+  <https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-853q-q69w-gf5j>`_
+
+This has been fixed in main for v3.5.0
+
+- `PR 605377 fix for main
+  <https://github.com/zephyrproject-rtos/zephyr/pull/605377>`_
+
+- `PR 61383 fix for 3.4
+  <https://github.com/zephyrproject-rtos/zephyr/pull/61383>`_
 
 CVE-2023-4258
 -------------