libcsp CVE Vulnerabilities & Metrics

Focus on libcsp vulnerabilities and metrics.

Last updated: 21 Aug 2025, 22:25 UTC

About libcsp Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with libcsp. We track both calendar-based metrics (using fixed periods) and rolling metrics (using sliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total libcsp CVEs: 5
Earliest CVE date: 28 Oct 2016, 15:59 UTC
Latest CVE date: 11 Aug 2025, 19:15 UTC

Latest CVE reference: CVE-2025-51824

Rolling Stats

30-day Count (Rolling): 2
365-day Count (Rolling): 2

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

[Chart: Monthly CVE Trends (current vs previous year)]

[Chart: Annual CVE Trends (last 20 years)]

[Chart: Critical libcsp CVEs (CVSS ≥ 9) over 20 years]

CVSS Stats

Average CVSS: 4.5

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range | Count
0.0-3.9 | 2
4.0-6.9 | 0
7.0-8.9 | 3
9.0-10.0 | 0

[Chart: CVSS Distribution]

Top 5 Highest CVSS libcsp CVEs

These are the five CVEs with the highest CVSS scores for libcsp, sorted first by severity and then by recency.

All CVEs for libcsp

CVE-2025-51824 | libcsp vulnerability | CVSS: 0 | 11 Aug 2025, 19:15 UTC

libcsp 2.0 is vulnerable to Buffer Overflow in the csp_usart_open() function at drivers/usart/zephyr.c.

CVE-2025-51823 | libcsp vulnerability | CVSS: 0 | 11 Aug 2025, 19:15 UTC

libcsp 2.0 is vulnerable to Buffer Overflow in the csp_eth_init() function due to improper handling of the ifname parameter. The function uses strcpy to copy the interface name into a structure member (ctx->name) without validating the input length.

CVE-2016-8598 | libcsp vulnerability | CVSS: 7.5 | 28 Oct 2016, 15:59 UTC

Buffer overflow in the zmq interface in csp_if_zmqhub.c in the libcsp library v1.4 and earlier allows hostile computers connected via a zmq interface to execute arbitrary code via a long packet.

CVE-2016-8597 | libcsp vulnerability | CVSS: 7.5 | 28 Oct 2016, 15:59 UTC

Buffer overflow in the csp_sfp_recv_fp in csp_sfp.c in the libcsp library v1.4 and earlier allows hostile components with network access to the SFP underlying network layers to execute arbitrary code via specially crafted SFP packets.

CVE-2016-8596 | libcsp vulnerability | CVSS: 7.5 | 28 Oct 2016, 15:59 UTC

Buffer overflow in the csp_can_process_frame in csp_if_can.c in the libcsp library v1.4 and earlier allows hostile components connected to the canbus to execute arbitrary code via a long csp packet.