VDB
CVE-2023-2794
CVE-2023-2794
PUBLISHED
CVSS 8.100000381469727 HIGH
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_deliver().
EPSS 0.17% · 37.8th percentile
Risk Scores
CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.17%
37.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 2.5 | ||
| linux | ofono | 0 |
| ofono_project | ofono | 0, 0 |
| fedoraproject | fedora | 40, 39, 39 |
Exploit Intelligence
Timeline
- Dec 20, 2023 CVE Published
- Apr 11, 2024 EPSS Score
- May 6, 2024 EPSS Score
- May 31, 2024 EPSS Score
- Jun 25, 2024 EPSS Score
- Jul 21, 2024 EPSS Score
- Aug 15, 2024 EPSS Score
- Sep 9, 2024 EPSS Score
- Oct 4, 2024 EPSS Score
- Oct 29, 2024 EPSS Score
- Nov 23, 2024 EPSS Score
- Dec 19, 2024 EPSS Score
References
- https://nvd.nist.gov/vuln/detail/CVE-2023-2794 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2255387 url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLAWJAAS3HDI2KMCZXF4DMR3Y4BQNMKO url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLAWJAAS3HDI2KMCZXF4DMR3Y4BQNMKO/ technical