Уязвимость CVE-2023-4235

Пакет	Статус	Версия исправления	Релиз	Тип
ofono	fixed	2.14-1		package
ofono	postponed		bookworm	package
ofono	no-dsa		bullseye	package
ofono	postponed		buster	package

CVE-2023-4235

CVSS3: 8.1

ubuntu

почти 2 года назад

A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_deliver_report().

CVE-2023-4235

CVSS3: 8.1

nvd

почти 2 года назад

A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_deliver_report().

GHSA-442g-7r67-9534

CVSS3: 8.1

github

почти 2 года назад

A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_deliver_report().

BDU:2024-04254

CVSS3: 8.1

fstec

больше 2 лет назад

Уязвимость функции decode_deliver_report() стека мобильной телефонии oFono, позволяющая нарушителю выполнить произвольный код

exploitDog

CVE-2023-4235

Описание

Пакеты

Примечания

Связанные уязвимости